Intrusion detection using alert prioritization and multiple minimum supports

2015 14th RoEduNet International Conference - Networking in Education and Research (RoEduNet NER) (2015)

Abstract
Due to the increase in traffic volume, current commercial IDSs (Intrusion Detection Systems) tend to produce a very large number of alarms. Although these alarms are triggered by actual intrusions, they are often triggered by regular user behavior, thus increasing the false alarm rate and overwhelming the security administrator. Mining algorithms that identify association rules provide an in-depth analysis of security breaches and extend the functionality of IDSs. In this paper we present a potential solution for reducing the false alarm rate. Our approach is based on the prioritization of alerts, a rescoring mechanism and data mining techniques with multiple minimum supports.
Keywords
Intrusion detection, Alert correlation, Alert prioritization, Data mining, Multiple minimum supports