False Positive Decrement for Snort Intrusion Detection

Siwnart Thian-ngam
Mayuree Lertwatechakul

Abstract

Snort is a freeware Intrusion Detection System (IDS). Snort uses a rule-based approach to detect intrusions, so its performance and capability depend on its active rule set. When a network is attacked, Snort generates alerts to the administrator. False negatives can occur when the rule set does not cover malicious activities and attack behaviors, while false positives can occur when the rule set is not appropriate for the computer and network being monitored. Too many false positive events can overload Snort and may be an important factor in failing to detect intrusions. Because of this problem, the main objective of this work is to develop a system to reduce the false positives of Snort. The system applies a neural network. The neural network was trained with a well-formed dataset. Input data were parameters in the environment at the time an alert occurred and reference data from the Internet. The neural network generates a score for an attack in the range 0 - 100. For low quality alerts with a score of 0 - 50, the specific rules which caused the low quality alert were disabled by the administrator. Finally, the obtained results show that the performance of Snort improved, with false positives reduced by about 72.78%.
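The abstract describes a tuning loop: alerts are scored 0 - 100, alerts scoring 0 - 50 are treated as low quality, and the rules that produced them are disabled. The script below is an added illustration of that loop and is not code from the paper: it parses Snort "fast" alert lines (constructed sample lines, not the authors' dataset), groups them by rule, scores each rule, and lists the rules an administrator would review for disabling. The scoring function is a hypothetical hand-written heuristic standing in for the trained neural network, whose features and weights the abstract does not give, and the `LOCAL_NETS` range is an assumed monitored network.

```python
"""
Alert-scoring and rule-suppression pass in the spirit of the abstract.
The score_rules() heuristic is a PLACEHOLDER for the paper's trained
neural network; only the surrounding workflow is modelled here.
"""
import ipaddress
import re
from collections import defaultdict

# Assumed monitored network (constructed, not from the paper).
LOCAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample alerts in Snort "fast" output format (not from the paper).
SAMPLE_ALERTS = """\
03/14-10:01:02.123456  [**] [1:1000001:1] LOCAL ICMP ping [**] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.1
03/14-10:01:03.223456  [**] [1:1000001:1] LOCAL ICMP ping [**] [Priority: 3] {ICMP} 10.0.0.6 -> 10.0.0.1
03/14-10:01:04.323456  [**] [1:1000001:1] LOCAL ICMP ping [**] [Priority: 3] {ICMP} 10.0.0.7 -> 10.0.0.1
03/14-10:02:10.000001  [**] [1:2000002:2] LOCAL SQL injection attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.9:51234 -> 10.0.0.20:80
03/14-10:02:11.000002  [**] [1:2000002:2] LOCAL SQL injection attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.9:51235 -> 10.0.0.20:80
03/14-10:05:00.000003  [**] [1:3000003:1] LOCAL SNMP public community [**] [Priority: 2] {UDP} 10.0.0.8:161 -> 10.0.0.1:50000
"""

# Matches "[gid:sid:rev] msg [**] [Classification: ...] [Priority: n] {proto} src -> dst".
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\]"
    r"(?: \[Classification: (?P<cls>[^\]]*)\])? \[Priority: (?P<prio>\d+)\]"
    r" \{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?"
)


def is_local(ip):
    """True if the address lies inside the assumed monitored network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def parse_alerts(text):
    """Parse fast-format alert lines into dicts; lines that do not match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue
        d = m.groupdict()
        d["gid"], d["sid"], d["prio"] = int(d["gid"]), int(d["sid"]), int(d["prio"])
        alerts.append(d)
    return alerts


# Hypothetical base score per Snort priority (1 = most severe).
BASE_BY_PRIORITY = {1: 70, 2: 50, 3: 30}


def score_rules(alerts):
    """Return {(gid, sid): score} with scores clamped to 0..100.

    Placeholder heuristic: priority sets the base, external sources raise the
    score, purely internal chatter and high alert volume lower it.
    """
    by_rule = defaultdict(list)
    for a in alerts:
        by_rule[(a["gid"], a["sid"])].append(a)
    scores = {}
    for key, group in by_rule.items():
        score = BASE_BY_PRIORITY.get(group[0]["prio"], 20)
        sources = {a["src"] for a in group}
        if any(not is_local(s) for s in sources):
            score += 15   # traffic from outside the monitored network
        else:
            score -= 20   # internal-only traffic is a common false-positive source
        if len(group) >= 3:
            score -= 10   # high-volume rules are the ones that flood the analyst
        scores[key] = max(0, min(100, score))
    return scores


def rules_to_disable(scores, threshold=50):
    """gid:sid entries for rules whose score falls in the low-quality band 0..threshold."""
    return sorted(f"{gid}:{sid}" for (gid, sid), s in scores.items() if s <= threshold)


def suppression_ratio(alerts, disabled):
    """Fraction of the alert stream that disappears once `disabled` rules are turned off."""
    disabled = set(disabled)
    gone = sum(1 for a in alerts if f"{a['gid']}:{a['sid']}" in disabled)
    return gone / len(alerts) if alerts else 0.0


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    scores = score_rules(alerts)
    for (gid, sid), s in sorted(scores.items()):
        print(f"rule {gid}:{sid} score={s}")
    disabled = rules_to_disable(scores)
    print("candidates to disable:", disabled)
    print(f"alert volume reduced by {suppression_ratio(alerts, disabled):.1%}")
```

On the constructed sample the internal ICMP and SNMP rules score 0 and 30 and are proposed for disabling, while the externally sourced priority-1 rule scores 85 and stays active; the reduction figure printed is for this sample only and is unrelated to the paper's 72.78%. The administrator review step in the abstract is deliberately kept: the script proposes candidates rather than editing the rule set.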

How to Cite
Thian-ngam, S., & Lertwatechakul, M. (2012). False Positive Decrement for Snort Intrusion Detection. Engineering and Applied Science Research, 36(3), 251–259. Retrieved from https://ph01.tci-thaijo.org/index.php/easr/article/view/1767
Section
ORIGINAL RESEARCH