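% Tjhai, Papadaki, Furnell and Clarke (TrustBus 2008): measures the share of
% false alarms among Snort alerts on the 1999 DARPA IDS evaluation dataset.
% The 69% figure in the abstract applies to that tool and dataset as tested;
% cite it with that scope, not as a general IDS false-alarm rate.
% The citation key is the opaque identifier from the original export and is
% kept unchanged so existing \cite commands still resolve.
% The percent sign in the abstract is escaped because a bare one can start a
% LaTeX comment when a style or backend writes the field into the .bbl.
% The dates in the note are kept as exported (presumably day-month-year; confirm).
@inproceedings{0aa77c8e2c384458bcfc6ec2691da519,
  author    = {Tjhai, Gina C. and Papadaki, Maria and Furnell, Steven M. and Clarke, Nathan L.},
  title     = {The problem of false alarms: Evaluation with {Snort} and {DARPA} 1999 dataset},
  booktitle = {Trust, Privacy and Security in Digital Business -- 5th International Conference, {TrustBus} 2008, Proceedings},
  series    = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
  pages     = {139--150},
  year      = {2008},
  doi       = {10.1007/978-3-540-85735-8_14},
  isbn      = {3540857346},
  language  = {English},
  keywords  = {DARPA dataset, False positive, Intrusion detection system, Snort, True positive},
  abstract  = {It is a common issue that an Intrusion Detection System (IDS) might generate thousand of alerts per day. The problem has got worse by the fact that IT infrastructure have become larger and more complicated, the number of generated alarms that need to be reviewed can escalate rapidly, making the task very difficult to manage. Moreover, a significant problem facing current IDS technology now is the high level of false alarms. The main purpose of this paper is to investigate the extent of false alarms problem in Snort, using the 1999 DARPA IDS evaluation dataset. A thorough investigation has been carried out to assess the accuracy of alerts generated by Snort IDS. Significantly, this experiment has revealed an unexpected result; with 69\% of total generated alerts are considered to be false alarms.},
  note      = {5th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2008; Conference date: 04-09-2008 Through 05-09-2008},
}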