Show simple item record

dc.contributor.author: Kiruki, Jane K.
dc.contributor.author: Muketha, Geoffrey M.
dc.contributor.author: Kamau, Gabriel N.
dc.date.accessioned: 2023-02-07T06:45:18Z
dc.date.available: 2023-02-07T06:45:18Z
dc.date.issued: 2023-01
dc.identifier.citation: International Journal of Network Security & Its Applications (IJNSA) Vol.15, No.1, January 2023 [en_US]
dc.identifier.uri: https://aircconline.com/ijnsa/V15N1/15123ijnsa02.pdf
dc.identifier.uri: http://hdl.handle.net/123456789/6166
dc.description.abstract: Network intrusions compromise the network’s confidentiality, integrity and availability of resources. Intrusion detection systems (IDSs) have been implemented to prevent the problem. Although IDS technologies are promising, their ability of detecting true alerts is far from being perfect. One problem is that of producing large numbers of false alerts, which are termed as malicious by the IDS. In this paper we propose a set of metrics for evaluating the IDS alerts. The metrics will identify false, low-level and redundant alerts by mapping alerts on a vulnerability database and calculating their impact. The metrics are calculated using a metric tool that we developed. We validated the metrics using Weyuker’s properties and Kaner’s framework. The metrics can be considered as mathematically valid since they satisfied seven of the nine Weyuker’s properties. In addition, they can be considered as workable since they satisfied all the evaluation questions from Kaner’s framework. [en_US]
dc.language.iso: en [en_US]
dc.subject: Intrusion detection systems, honeypot, firewall, alert correlation, fuzzy logic, security metrics [en_US]
dc.title: Metrics For Evaluating Alerts in Intrusion Detection Systems [en_US]
dc.type: Article [en_US]

