The methods of decreasing FP in Anomaly based Intrusion Prevent System by using of complex information about information system
DOI:
https://doi.org/10.20535/tacs.2664-29132024.1.296412Abstract
The main aim of this work is to optimize the efficiency of intrusion detection using complex analysis of indicators in information system by reducing the number of false positives, as well as the development of a universal technique for such optimization. Using laboratory environment with installed SIEMs Wazuh and Splunk we test the proposed optimization methods and proposed newly methodic for decreasing rating false/positive for some intrusion detecting systems.
Downloads
Published
Issue
Section
License
Authors who publish with this journal agree to the following terms:
Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
