Event Correlation in Network Security to Reduce False Positive

Anita Rajendra Zope et al., International Journal of Computer Science & Communication Networks, Vol 3(3), 182-186. ISSN: 2249-5789

Abstract—As network-based computer systems play an important role in modern society, they have become targets of adversaries and criminals, so we need the best possible ways to protect our IT systems. Many methods and algorithms have been developed and proposed in recent years to improve intrusion detection systems. The most important issues in current systems are the false positive alarm rate and poor detection of novel attacks. Anomaly-based detection treats any action that deviates significantly from normal behaviour as an intrusion, which is the source of many of these false alarms. Many NIDSs are signature based and consider the log of only one device when deciding whether an intrusion has occurred, while Internet attacks are growing rapidly and attack methods are diversifying. This paper gives an overview of the data mining field and of security information and event management (SIEM) systems, and shows how data mining techniques can be used in a SIEM system to enhance its capabilities. In particular, data mining with an Event Correlation Technique (ECT) can be applied to network intrusion detection: by correlating events observed at different components of the network security infrastructure, the NIDS can decide whether an intrusion actually occurred rather than raising an alarm on a single device's evidence.

Index Terms—Data mining, security information and event management system.

I. INTRODUCTION

In many industries computer networks play an important role in information exchange; for example, tender quotations or other confidential information are most often sent over computer networks. For that reason they have become the targets of our enemies and criminals, and we need to find the best possible ways to protect our systems. When an intrusion occurs, security
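The abstract's central claim is that an alert from one device should be corroborated against events from other components (perimeter firewall, target host) before it is reported as an intrusion. The following Python script is an added example, not code from the paper, showing that correlation on constructed sample logs: a NIDS alert is marked "false-positive" when the firewall denied the matching connection (nothing reached the target), "confirmed" when the target host logged related activity from the same source inside a time window, and "unconfirmed" otherwise. The log formats, field names, IP addresses and the 60-second window are assumptions chosen for the example.

```python
"""Multi-source event correlation for NIDS alerts (added example).

Correlates each NIDS alert with firewall and host events that share the
same source/destination and fall inside a time window, then classifies
the alert. All log formats and data below are constructed for this example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample feeds (hypothetical key=value format, not the paper's data).
NIDS_ALERTS = """\
2013-07-01T10:00:05 NIDS sig=ssh-bruteforce src=203.0.113.7 dst=10.0.0.5
2013-07-01T10:05:00 NIDS sig=ssh-bruteforce src=198.51.100.9 dst=10.0.0.5
2013-07-01T10:10:00 NIDS sig=sql-injection src=192.0.2.44 dst=10.0.0.8
"""

FIREWALL_LOG = """\
2013-07-01T10:00:04 FW action=ALLOW src=203.0.113.7 dst=10.0.0.5 dport=22
2013-07-01T10:04:58 FW action=DENY src=198.51.100.9 dst=10.0.0.5 dport=22
2013-07-01T10:09:59 FW action=ALLOW src=192.0.2.44 dst=10.0.0.8 dport=443
"""

HOST_AUTH_LOG = """\
2013-07-01T10:00:06 HOST host=10.0.0.5 event=auth-failure src=203.0.113.7
2013-07-01T10:00:07 HOST host=10.0.0.5 event=auth-failure src=203.0.113.7
2013-07-01T10:00:09 HOST host=10.0.0.5 event=auth-failure src=203.0.113.7
"""

# Assumed correlation window; real deployments tune this per source and
# must account for clock skew between devices.
WINDOW = timedelta(seconds=60)


@dataclass
class Event:
    ts: datetime
    source: str            # which sensor produced the line (NIDS, FW, HOST)
    fields: Dict[str, str]  # parsed key=value pairs


@dataclass
class Verdict:
    alert: Event
    verdict: str           # "confirmed", "false-positive" or "unconfirmed"
    evidence: List[Event]  # the correlated events that drove the verdict


def parse_log(text: str) -> List[Event]:
    """Parse '<iso-timestamp> <source> k=v k=v ...' lines into Events."""
    events: List[Event] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, source, *kv = line.split()
        fields = dict(item.split("=", 1) for item in kv)
        events.append(Event(datetime.fromisoformat(ts), source, fields))
    return events


def within(a: Event, b: Event, window: timedelta) -> bool:
    return abs(a.ts - b.ts) <= window


def correlate(alerts: List[Event], fw_events: List[Event],
              host_events: List[Event], window: timedelta = WINDOW) -> List[Verdict]:
    """Classify each NIDS alert using firewall and host evidence."""
    results: List[Verdict] = []
    for alert in alerts:
        src, dst = alert.fields["src"], alert.fields["dst"]
        fw = [e for e in fw_events
              if e.fields["src"] == src and e.fields["dst"] == dst
              and within(alert, e, window)]
        host = [e for e in host_events
                if e.fields.get("host") == dst and e.fields.get("src") == src
                and within(alert, e, window)]
        if fw and all(e.fields["action"] == "DENY" for e in fw):
            # The perimeter blocked every matching flow: the signature fired
            # on traffic that never reached the target.
            verdict = "false-positive"
        elif host:
            # The target itself saw related activity from the same source.
            verdict = "confirmed"
        else:
            # Traffic got through but no host-side evidence: leave for an analyst.
            verdict = "unconfirmed"
        results.append(Verdict(alert, verdict, fw + host))
    return results


def run_example() -> Dict[str, str]:
    """Return {'<sig>@<src>': verdict} for the constructed sample feeds."""
    verdicts = correlate(parse_log(NIDS_ALERTS), parse_log(FIREWALL_LOG),
                         parse_log(HOST_AUTH_LOG))
    return {f"{v.alert.fields['sig']}@{v.alert.fields['src']}": v.verdict
            for v in verdicts}


if __name__ == "__main__":
    for key, verdict in run_example().items():
        print(f"{key}: {verdict}")
```

The "false-positive" rule assumes the firewall sits between the attacker and the target and logs every flow; if an attacker can reach the host by another path, a DENY entry does not prove the attack was stopped, so in practice such alerts are better downgraded than discarded.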