Metrics for Evaluating Alerts in Intrusion Detection Systems

dc.contributor.author: Jane Kinanu Kiruki, Geoffrey Muchiri Muketha and Gabriel Kamau
dc.date.accessioned: 2025-03-04T09:28:45Z
dc.date.available: 2025-03-04T09:28:45Z
dc.date.issued: 2023-01-05
dc.description: Research article
dc.description.abstract: Network intrusions compromise the network’s confidentiality, integrity and availability of resources. Intrusion detection systems (IDSs) have been implemented to prevent the problem. Although IDS technologies are promising, their ability to detect true alerts is far from being perfect. One problem is that of producing large numbers of false alerts, which are termed as malicious by the IDS. In this paper we propose a set of metrics for evaluating the IDS alerts. The metrics will identify false, low-level and redundant alerts by mapping alerts on a vulnerability database and calculating their impact. The metrics are calculated using a metric tool that we developed. We validated the metrics using Weyuker’s properties and Kaner’s framework. The metrics can be considered as mathematically valid since they satisfied seven of the nine Weyuker’s properties. In addition, they can be considered as workable since they satisfied all the evaluation questions from Kaner’s framework.
dc.identifier.citation: Kiruki, J. K., Muketha, G. M., & Kamau, G. N. (2023). Metrics for Evaluating Alerts in Intrusion Detection Systems.
dc.identifier.uri: https://aircconline.com/ijnsa/V15N1/15123ijnsa02.pdf
dc.identifier.uri: https://repository.chuka.ac.ke/handle/123456789/16626
dc.language.iso: en
dc.publisher: International Journal of Network Security and Its Application
dc.subject: intrusion detection systems
dc.subject: honeypot
dc.subject: firewall
dc.subject: alert correlation
dc.subject: fuzzy logic
dc.subject: security metrics
dc.title: Metrics for Evaluating Alerts in Intrusion Detection Systems
dc.type: Article

Files

Original bundle

Name: 15123ijnsa02.pdf
Size: 1.54 MB
Format: Adobe Portable Document Format

License bundle

Name: license.txt
Size: 1.71 KB
Format: Item-specific license agreed upon to submission