Key points are not available for this paper at this time.
This paper presents an alert correlation system for mitigating the false positives problem on network-based intrusion detection, when anomalous detection techniques are applied. The system allows the quantitative assessment of the likelihood that an alert issued because an anomaly becomes a real threat. To do this the differences between the characteristics of the model representing the habitual and legitimate network usage are taken into account, as well as the most representative features of the traffic that generated the alert. The result is a quantitative assessment of its similarity to the network legitimate usage, and the prioritization of the issued alerts. Experiments have demonstrated the validity of the proposal. The 95.7% of the false positives were labeled as low priority treatment alerts, and the various real threats were properly identified.
Vidal et al. (Thu,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: