%0 Journal Article
%T An Approach to Filter False Positive Alerts Based on RS-SVM Theory
%T 基于粗糙集-支持向量机理论的过滤误报警方法 (original Chinese title: "A Method for Filtering False Positive Alerts Based on Rough Set and Support Vector Machine Theory")
%A Xiao Yun (肖云)
%A Han Chong-zhao (韩崇昭)
%A Zheng Qing-hua (郑庆华)
%A Zhao Ting (赵婷)
%J 电子与信息学报 (Journal of Electronics & Information Technology)
%D 2007
%X To filter the false positive alerts generated by Intrusion Detection Systems (IDS), 19 attributes relevant to distinguishing false positive alerts from true alerts are summarized according to the root cause and timeliness of intrusion alerts, and an approach to filtering these false positive alerts based on RS-SVM (Rough Set and Support Vector Machine) theory is proposed. First, rough set theory is used to remove redundant attributes, leaving 10 attributes. Then the problem of filtering false positive alerts on the dataset described by those 10 attributes is cast as a classification problem, and the classifier is constructed using support vector machine theory. The experimental data is the alert dataset produced by the network intrusion detection system Snort while monitoring the Defense Advanced Research Projects Agency 1999 intrusion detection evaluation data (DARPA99). The experimental results show that the proposed approach removes about 98% of the false positive alerts at the cost of about 1.6% additional false negative alerts, which is better than the results reported in the literature for other methods using the same dataset and the same IDS.
%K Intrusion detection
%K False positive alert
%K False negative alert
%K Rough Set (RS)
%K Support Vector Machine (SVM)
%U http://www.alljournals.cn/get_abstract_url.aspx?pcid=5B3AB970F71A803DEACDC0559115BFCF0A068CD97DD29835&cid=1319827C0C74AAE8D654BEA21B7F54D3&jid=EFC0377B03BD8D0EF4BBB548AC5F739A&aid=CB9948DD8B3AE49FCDE0DA7911D1FEEB&yid=A732AF04DDA03BB3&vid=771469D9D58C34FF&iid=59906B3B2830C2C5&sid=1BC7431C81AD2093&eid=A2A361E8179A54A7&journal_id=1009-5896&journal_name=电子与信息学报&referenced_num=0&reference_num=10
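The two-stage pipeline the abstract describes (rough-set attribute reduction, then an SVM trained on the surviving attributes, scored by the share of false positives filtered against the share of true alerts lost), as an added Python example. This is not the authors' code: the four alert attributes, their values and the training and evaluation alert rows are constructed for illustration and are not the paper's 19 attributes or the Snort/DARPA99 alerts; the reduct is computed with the positive-region dependency degree by greedy forward selection plus backward elimination, and the classifier is a linear soft-margin SVM trained by plain subgradient descent on the hinge loss with a constant bias feature, rather than whatever SVM implementation the authors used.

```python
# Added illustration of the RS-SVM pipeline; not the authors' code. ATTRIBUTES,
# TRAIN and EVAL are constructed (hypothetical) stand-ins for the paper's data.

ATTRIBUTES = ["priority", "target_open", "target_vuln", "burst"]  # hypothetical

# Training alerts: (values in ATTRIBUTES order, decision); 1 = true alert,
# 0 = false positive. Only priority and target_vuln determine the decision.
TRAIN = [
    (("high", "yes", "yes", "yes"), 1),
    (("high", "yes", "yes", "no"), 1),
    (("high", "no", "no", "yes"), 0),
    (("low", "yes", "yes", "yes"), 0),
    (("low", "no", "no", "no"), 0),
    (("high", "yes", "no", "no"), 0),
    (("low", "yes", "yes", "no"), 0),
    (("high", "no", "yes", "yes"), 1),
]

# Evaluation alerts: one true alert the model will drop (a false negative)
# and one false positive it will let through.
EVAL = [
    (("high", "yes", "yes", "no"), 1),
    (("low", "yes", "yes", "yes"), 1),
    (("high", "yes", "no", "yes"), 0),
    (("low", "no", "no", "no"), 0),
    (("low", "yes", "yes", "no"), 0),
    (("high", "yes", "yes", "yes"), 0),
]

VALUE_CODES = {"high": 1.0, "low": 0.0, "yes": 1.0, "no": 0.0}


def equivalence_classes(rows, attrs):
    """Partition object indices by their values on the attribute subset attrs."""
    idx = [ATTRIBUTES.index(a) for a in attrs]
    classes = {}
    for i, (values, _) in enumerate(rows):
        classes.setdefault(tuple(values[j] for j in idx), []).append(i)
    return list(classes.values())

def dependency_degree(rows, attrs):
    """gamma_B(D): share of objects whose B-class carries a single decision."""
    consistent = 0
    for members in equivalence_classes(rows, attrs):
        if len({rows[i][1] for i in members}) == 1:
            consistent += len(members)
    return consistent / len(rows)

def greedy_reduct(rows, attributes):
    """Forward selection up to the full-set dependency, then backward elimination."""
    target = dependency_degree(rows, attributes)
    reduct = []
    while dependency_degree(rows, reduct) < target:
        best = max((a for a in attributes if a not in reduct),
                   key=lambda a: dependency_degree(rows, reduct + [a]))
        reduct.append(best)
    for a in list(reduct):
        trimmed = [b for b in reduct if b != a]
        if dependency_degree(rows, trimmed) >= target:
            reduct = trimmed
    return reduct

def encode(values, reduct):
    """Numeric features over the reduct plus a constant 1 carrying the bias."""
    return [VALUE_CODES[values[ATTRIBUTES.index(a)]] for a in reduct] + [1.0]

def train_linear_svm(X, y, lam=0.01, eta=0.05, epochs=3000):
    """Linear soft-margin SVM: minimise lam/2*|w|^2 + mean hinge loss by
    full-batch subgradient descent."""
    n, w = len(X), [0.0] * len(X[0])
    for _ in range(epochs):
        grad = [lam * wi for wi in w]
        for x, yi in zip(X, y):
            if yi * sum(a * b for a, b in zip(w, x)) < 1.0:  # margin violation
                for j in range(len(w)):
                    grad[j] -= yi * x[j] / n  # hinge subgradient is -y*x
        w = [wi - eta * g for wi, g in zip(w, grad)]
    return w

def predict(w, x):
    """1 = keep as a true alert, 0 = filter out as a false positive."""
    return 1 if sum(a * b for a, b in zip(w, x)) >= 0.0 else 0

def filter_metrics(labels, preds):
    """(fraction of false positives filtered, fraction of true alerts lost):
    the two figures the abstract reports as about 98% and 1.6%."""
    fp = [p for lab, p in zip(labels, preds) if lab == 0]
    tp = [p for lab, p in zip(labels, preds) if lab == 1]
    return fp.count(0) / len(fp), tp.count(0) / len(tp)

def run_pipeline():
    reduct = greedy_reduct(TRAIN, ATTRIBUTES)
    w = train_linear_svm([encode(v, reduct) for v, _ in TRAIN],
                         [1.0 if d == 1 else -1.0 for _, d in TRAIN])
    preds = [predict(w, encode(v, reduct)) for v, _ in EVAL]
    return reduct, filter_metrics([d for _, d in EVAL], preds)

if __name__ == "__main__":
    reduct, (fp_filtered, fn_increase) = run_pipeline()
    print(reduct, f"filtered {fp_filtered:.0%} of false positives, lost {fn_increase:.0%} of true alerts")
```

On the constructed rows the reduct keeps priority and target_vuln and discards the two redundant attributes, and the evaluation set is built so both metrics are non-trivial: the filter drops most false positives but also loses the true alert whose signature priority is low, which is exactly the trade-off (98% filtered against 1.6% extra misses) the abstract quantifies. With the paper's real attributes the same dependency-degree and hinge-loss machinery applies unchanged; only the rows and the attribute list differ.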