General Information
    • ISSN: 2010-3751
    • Frequency: Bimonthly (2012-2016); Quarterly (Since 2017)
    • DOI: 10.18178/IJFCC
    • Editor-in-Chief: Prof. Mohamed Othman
    • Executive Editor: Ms. Nancy Y. Liu
    • Abstracting/Indexing: Google Scholar, Engineering & Technology Digital Library, Crossref, DOAJ, Electronic Journals Library, EI (INSPEC, IET).
    • E-mail: ijfcc@ejournal.net
Editor-in-chief
Prof. Mohamed Othman
Department of Communication Technology and Network, Universiti Putra Malaysia, Malaysia
It is my honor to be the editor-in-chief of IJFCC. The journal publishes good papers in the field of future computer and communication. Hopefully, IJFCC will become a recognized journal among the readers in the field of future computer and communication.
IJFCC 2012 Vol.1(2): 87-90 ISSN: 2010-3751
DOI: 10.7763/IJFCC.2012.V1.23

False Positives and Negatives from Real Traffic with Intrusion Detection/Prevention Systems

Cheng-Yuan Ho, Ying-Dar Lin, Yuan-Cheng Lai, I-Wei Chen, Fu-Yu Wang, and Wei-Hsuan Tai

Abstract—False Positives (FPs) and False Negatives (FNs) happen to every Intrusion Detection/Prevention System (IDS/IPS). This work proposes a mechanism of False Positive/Negative Assessment (FPNA) that uses multiple IDSs/IPSs to collect FP and FN cases from real-world traffic. Over a period of sixteen months, more than two thousand FPs and FNs have been collected and analyzed. From the statistical analysis results, we obtain three interesting findings. First, more than 92.85% of false cases are FPs, even though the numbers of attack types involved in FPs and FNs are similar. Second, about 91% of FP alerts, equal to about 85% of all false cases, are not related to security issues but to management policy. The last finding shows that buffer overflow, SQL server attack and Slammer worm attacks account for 93% of FNs, even though they are aged attacks. This indicates that these attacks keep appearing in new variations that evade IDS/IPS detection.

Index Terms—False positive, false negative, intrusion detection, network security.

Cheng-Yuan Ho, Ying-Dar Lin, I-Wei Chen, Fu-Yu Wang, and Wei-Hsuan Tai are with National Chiao Tung University, Taiwan (e-mail: ydlin@cs.nctu.edu.tw).
Yuan-Cheng Lai is with National Taiwan University of Science and Technology, Taiwan.


Cite: Cheng-Yuan Ho, Ying-Dar Lin, Yuan-Cheng Lai, I-Wei Chen, Fu-Yu Wang, and Wei-Hsuan Tai, "False Positives and Negatives from Real Traffic with Intrusion Detection/Prevention Systems," International Journal of Future Computer and Communication vol. 1, no. 2, pp. 87-90, 2012.

Copyright © 2008-2016. International Journal of Future Computer and Communication. All rights reserved.