
Metrics for Evaluating Alerts in Intrusion Detection Systems

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Metrics for Evaluating Alerts in Intrusion Detection Systems</title>
<!-- common meta tags -->
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<meta name="title" content="Metrics for Evaluating Alerts in Intrusion Detection Systems">
<meta name="description" content="Network intrusions compromise the confidentiality, integrity and availability of network resources. Intrusion detection systems (IDSs) have been deployed to counter this problem. Although IDS technologies are promising, their ability to detect true alerts is far from perfect. One problem is that they produce large numbers of false alerts: benign events that the IDS labels as malicious. In this paper we propose a set of metrics for evaluating IDS alerts. The metrics identify false, low-level and redundant alerts by mapping alerts onto a vulnerability database and calculating their impact. The metrics are calculated using a metric tool that we developed. We validated the metrics using Weyuker’s properties and Kaner’s framework. The metrics can be considered mathematically valid since they satisfied seven of Weyuker’s nine properties. In addition, they can be considered workable since they satisfied all the evaluation questions from Kaner’s framework."/>
<meta name="keywords" content="Intrusion detection systems, honeypot, firewall, alert correlation, fuzzy logic, security metrics"/>
<!-- end common meta tags -->
<!-- Dublin Core(DC) meta tags -->
<meta name="dc.title" content="Metrics for Evaluating Alerts in Intrusion Detection Systems">
<meta name="citation_authors" content="Jane Kinanu Kiruki">
<meta name="citation_authors" content="Geoffrey Muchiri Muketha">
<meta name="citation_authors" content="Gabriel Kamau">
<meta name="dc.type" content="Article">
<meta name="dc.source" content="International Journal of Network Security & Its Applications (IJNSA) Vol.15, No.1">
<meta name="dc.date" content="2023/01/31">
<meta name="dc.identifier" content="10.5121/ijnsa.2023.151012">
<meta name="dc.publisher" content="AIRCC Publishing Corporation">
<meta name="dc.rights" content="http://creativecommons.org/licenses/by/3.0/">
<meta name="dc.format" content="application/pdf">
<meta name="dc.language" content="en">
<meta name="dc.description" content="Network intrusions compromise the confidentiality, integrity and availability of network resources. Intrusion detection systems (IDSs) have been deployed to counter this problem. Although IDS technologies are promising, their ability to detect true alerts is far from perfect. One problem is that they produce large numbers of false alerts: benign events that the IDS labels as malicious. In this paper we propose a set of metrics for evaluating IDS alerts. The metrics identify false, low-level and redundant alerts by mapping alerts onto a vulnerability database and calculating their impact. The metrics are calculated using a metric tool that we developed. We validated the metrics using Weyuker’s properties and Kaner’s framework. The metrics can be considered mathematically valid since they satisfied seven of Weyuker’s nine properties. In addition, they can be considered workable since they satisfied all the evaluation questions from Kaner’s framework."/>
<meta name="dc.subject" content="Intrusion detection systems">
<meta name="dc.subject" content="honeypot">
<meta name="dc.subject" content="firewall">
<meta name="dc.subject" content="alert correlation">
<meta name="dc.subject" content="fuzzy logic">
<meta name="dc.subject" content="security metrics">
<!-- End Dublin Core(DC) meta tags -->
<!-- Prism meta tags -->
<meta name="prism.publicationName" content="International Journal of Network Security & Its Applications (IJNSA)">
<meta name="prism.publicationDate" content="2023/01/31">
<meta name="prism.volume" content="15">
<meta name="prism.number" content="1">
<meta name="prism.section" content="Article">
<meta name="prism.startingPage" content="15">
<!-- End Prism meta tags -->
<!-- citation meta tags -->
<meta name="citation_journal_title" content="International Journal of Network Security & Its Applications (IJNSA)">
<meta name="citation_publisher" content="AIRCC Publishing Corporation">
<meta name="citation_authors" content="Jane Kinanu Kiruki, Geoffrey Muchiri Muketha and Gabriel Kamau">
<meta name="citation_title" content="Metrics for Evaluating Alerts in Intrusion Detection Systems">
<meta name="citation_online_date" content="2023/01/31">
<meta name="citation_issue" content="1">
<meta name="citation_firstpage" content="15">
<meta name="citation_authors" content="Jane Kinanu Kiruki">
<meta name="citation_authors" content="Geoffrey Muchiri Muketha">
<meta name="citation_authors" content="Gabriel Kamau">
<meta name="citation_doi" content="10.5121/ijnsa.2023.151012">
<meta name="citation_abstract_html_url" content="https://aircconline.com/abstract/ijnsa/v15n1/15123ijnsa02.html">
<meta name="citation_pdf_url" content="https://aircconline.com/ijnsa/V15N1/15123ijnsa02.pdf">
<!-- end citation meta tags -->
<!-- Og meta tags -->
<meta property="og:site_name" content="AIRCC" />
<meta property="og:type" content="article" />
<meta property="og:url" content="https://aircconline.com/abstract/ijnsa/v15n1/15123ijnsa02.html">
<meta property="og:title" content="Metrics for Evaluating Alerts in Intrusion Detection Systems">
<meta property="og:description" content="Network intrusions compromise the confidentiality, integrity and availability of network resources. Intrusion detection systems (IDSs) have been deployed to counter this problem. Although IDS technologies are promising, their ability to detect true alerts is far from perfect. One problem is that they produce large numbers of false alerts: benign events that the IDS labels as malicious. In this paper we propose a set of metrics for evaluating IDS alerts. The metrics identify false, low-level and redundant alerts by mapping alerts onto a vulnerability database and calculating their impact. The metrics are calculated using a metric tool that we developed. We validated the metrics using Weyuker’s properties and Kaner’s framework. The metrics can be considered mathematically valid since they satisfied seven of Weyuker’s nine properties. In addition, they can be considered workable since they satisfied all the evaluation questions from Kaner’s framework."/>
<!-- end og meta tags -->
<!-- INDEX meta tags -->
<meta name="google-site-verification" content="t8rHIcM8EfjIqfQzQ0IdYIiA9JxDD0uUZAitBCzsOIw" />
<meta name="yandex-verification" content="e3d2d5a32c7241f4" />
<!-- end INDEX meta tags -->
<style type="text/css">
.imagess { height:90px; text-align:left; margin:0px 5px 2px 8px; float:right; border:none; }
a { color:white; text-decoration:none; }
ul li a { font-weight:bold; color:#000; list-style:none; text-decoration:none; size:10px; }
#button { float: left; font-size: 17px; margin-left: 10px; height: 28px; width: 100px; background-color: #1e86c6; }
</style>
<link rel="stylesheet" type="text/css" href="../main.css" />
</head>
<body>
<div id="wap">
<div id="page">
<div id="top">
<table width="100%" cellspacing="0" cellpadding="0">
<tr><td colspan="3" valign="top"><img src="../ijnsa.gif" /></td></tr>
</table>
</div>
<div id="menu">
<a href="http://airccse.org/journal/ijnsa.html">Home</a>
<a href="http://airccse.org/journal/editorial.html">Editorial</a>
<a href="http://airccse.org/journal/paper.html">Submission</a>
<a href="http://airccse.org/journal/jnsa_index.html">Indexing</a>
<a href="http://airccse.org/journal/special.html">Special Issue</a>
<a href="http://airccse.org/journal/jcontact.html">Contacts</a>
<a href="http://airccse.org" target="_blank">AIRCC</a>
</div>
<div id="content">
<div id="left">
<h2>Volume 15, Number 1</h2>
<h4 style="text-align:center;"><a>Metrics for Evaluating Alerts in Intrusion Detection Systems</a></h4>
<h3>&nbsp;&nbsp;Authors</h3>
<p class="#left">Jane Kinanu Kiruki<sup>1,2</sup>, Geoffrey Muchiri Muketha<sup>1</sup> and Gabriel Kamau<sup>1</sup>, <sup>1</sup>Murang’a University of Technology, Kenya, <sup>2</sup>Chuka University, Kenya</p>
<h3>&nbsp;&nbsp;Abstract</h3>
<p class="#left right" style="text-align:justify">Network intrusions compromise the confidentiality, integrity and availability of network resources. Intrusion detection systems (IDSs) have been deployed to counter this problem. Although IDS technologies are promising, their ability to detect true alerts is far from perfect. One problem is that they produce large numbers of false alerts: benign events that the IDS labels as malicious. In this paper we propose a set of metrics for evaluating IDS alerts. The metrics identify false, low-level and redundant alerts by mapping alerts onto a vulnerability database and calculating their impact. The metrics are calculated using a metric tool that we developed. We validated the metrics using Weyuker’s properties and Kaner’s framework. The metrics can be considered mathematically valid since they satisfied seven of Weyuker’s nine properties. In addition, they can be considered workable since they satisfied all the evaluation questions from Kaner’s framework.</p>
<h3>&nbsp;&nbsp;Keywords</h3>
<p class="#left right" style="text-align:justify">Intrusion detection systems, honeypot, firewall, alert correlation, fuzzy logic, security metrics.</p>
<br>
<button type="button" id="button"><a target="blank" href="/ijnsa/V15N1/15123ijnsa02.pdf">Full Text</a></button>
&nbsp;&nbsp;<button type="button" id="button"><a href="http://airccse.org/journal/jnsa23_current.html">Volume 15</a></button>
<br><br><br><br><br>
</div>
<div id="right">
<div class="menu_right">
<ul>
<li id="id"><a href="http://airccse.org/journal/ijnsa.html">Scope &amp; Topics</a></li>
<li><a href="http://airccse.org/ethics.html">Ethics</a></li>
<li><a href="http://airccse.org/journal/jnsa_archive.html">Archives</a></li>
<li><a href="http://airccse.org/journal/articles.html">Most Cited Articles</a></li>
<li><a href="http://airccse.org/journal/ijnsaleaflet.pdf" title="">Download leaflet</a></li>
<li><a href="http://airccse.org/faq.html" target="_blank">FAQ</a></li>
</ul>
</div><br />
<p align="center">&nbsp;</p>
<p align="center">&nbsp;</p>
</div>
<div class="clear"></div>
<div id="footer"><table width="100%"><tr><td height="25" colspan="2"><br /><p align="center">&copy; AIRCC Publishing Corporation</p></td></tr></table></div>
</div>
</div>
</div>
</body>
</html>
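The abstract describes metrics that flag false, low-level and redundant alerts by mapping each alert onto a vulnerability database and scoring its impact. The Python script below is an added example of that workflow, not the authors' metric tool and not the paper's metric definitions: the `Alert` fields, the `VULN_DB` and `IMPACT` tables (with placeholder CVE identifiers and made-up scores), the `LOW_THRESHOLD` and `REDUNDANCY_WINDOW` constants, the sample alerts and the `classify`/`summarize` functions are all assumptions made for this illustration.

```python
"""Illustrative alert triage in the spirit of the abstract above.

Added example, not the authors' metric tool: the alert fields, the
vulnerability inventory, the placeholder CVE identifiers, the impact
scores and the thresholds are all assumptions made for this demo.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Alert:
    ts: float            # seconds since epoch
    sid: int             # IDS signature id
    cve: Optional[str]   # CVE the signature covers, if the ruleset records one
    src: str
    dst: str
    dport: int


# Constructed vulnerability database (assumed data, placeholder CVE ids):
# host -> CVEs the host is actually exposed to, and CVE -> impact score in [0, 10].
VULN_DB = {
    "10.0.0.5": {"CVE-0000-0001", "CVE-0000-0003"},
    "10.0.0.7": {"CVE-0000-0002"},
}
IMPACT = {"CVE-0000-0001": 9.8, "CVE-0000-0002": 8.1, "CVE-0000-0003": 2.6}

LOW_THRESHOLD = 4.0       # impact below this makes an alert "low-level"
REDUNDANCY_WINDOW = 60.0  # seconds; a repeat of the same alert inside it is "redundant"


def classify(alerts):
    """Label every alert as false, redundant, low-level or true.

    Order of the checks matters: an alert whose CVE the destination host
    is not exposed to is false regardless of repetition; a repeated
    exposure-confirmed alert is redundant; a weak one is low-level.
    """
    last_seen = {}
    results = []
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.sid, a.src, a.dst)
        exposed = VULN_DB.get(a.dst, set())
        impact = IMPACT.get(a.cve, 0.0) if a.cve else 0.0
        if a.cve is None or a.cve not in exposed:
            label = "false"
        elif key in last_seen and a.ts - last_seen[key] <= REDUNDANCY_WINDOW:
            label = "redundant"
        elif impact < LOW_THRESHOLD:
            label = "low-level"
        else:
            label = "true"
        if label != "false":
            last_seen[key] = a.ts
        results.append((a, label, impact))
    return results


def summarize(results):
    """Per-label counts, noise ratio and summed impact of true alerts per host."""
    counts = {"true": 0, "false": 0, "low-level": 0, "redundant": 0}
    impact_by_host = {}
    for a, label, impact in results:
        counts[label] += 1
        if label == "true":
            impact_by_host[a.dst] = impact_by_host.get(a.dst, 0.0) + impact
    total = len(results)
    noise = (total - counts["true"]) / total if total else 0.0
    return {"counts": counts, "noise_ratio": noise, "impact_by_host": impact_by_host}


# Constructed sample alerts (not real traffic): one scanner hitting two hosts.
SAMPLE_ALERTS = [
    Alert(100.0, 2001, "CVE-0000-0001", "198.51.100.9", "10.0.0.5", 8080),  # true
    Alert(130.0, 2001, "CVE-0000-0001", "198.51.100.9", "10.0.0.5", 8080),  # redundant, 30 s later
    Alert(140.0, 2001, "CVE-0000-0001", "198.51.100.9", "10.0.0.7", 8080),  # false: .7 not exposed
    Alert(150.0, 2002, "CVE-0000-0002", "198.51.100.9", "10.0.0.7", 445),   # true
    Alert(160.0, 2003, "CVE-0000-0003", "198.51.100.9", "10.0.0.5", 22),    # low-level
    Alert(170.0, 2004, None,            "198.51.100.9", "10.0.0.5", 22),    # false: no CVE mapping
    Alert(300.0, 2001, "CVE-0000-0001", "198.51.100.9", "10.0.0.5", 8080),  # true again: window expired
]


def demo():
    return summarize(classify(SAMPLE_ALERTS))


if __name__ == "__main__":
    for a, label, impact in classify(SAMPLE_ALERTS):
        print(f"{a.ts:6.0f} sid={a.sid} {a.src}->{a.dst}:{a.dport} {label:<9} impact={impact}")
    print(demo())
```

Run it as a script to see each alert's label. The order of the checks is the point: exposure is tested first, so a signature firing against a host that does not carry the referenced CVE is discarded as false before any repetition or impact logic runs, and only exposure-confirmed alerts feed the per-host impact totals. A real deployment would replace `VULN_DB` with a scanner or asset-inventory export and `IMPACT` with CVSS scores from the vulnerability database.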
