A Hybrid Intelligent Approach for Automated Alert Clustering and Filtering in Intrusion Alert Analysis
Similar resources
A Hybrid Intelligent Approach for Automated Alert Clustering and Filtering in Intrusion Alert Analysis
As security threats change and advance in a drastic way, most organizations implement multiple Network Intrusion Detection Systems (NIDSs) to optimize detection and to provide a comprehensive view of intrusion activities. But NIDSs trigger a massive amount of alerts even for a day and overwhelm security experts. Thus, automated and intelligent clustering is important to reveal their stru...
Intelligent Alert Clustering Model for Network Intrusion Analysis
As security threats change and advance in a drastic way, most organizations implement multiple Network Intrusion Detection Systems (NIDSs) to optimize detection and to provide a comprehensive view of intrusion activities. But NIDSs trigger a massive amount of alerts even for a day and overwhelm security experts. Thus, automated and intelligent clustering is important to reveal their stru...
Title : Alert Correlation in Collaborative Intelligent Intrusion
As complete prevention of computer attacks is not possible, intrusion detection systems (IDSs) play a very important role in minimizing the damage caused by different computer attacks. There are two intrusion detection methods: namely misuse- and anomaly-based. A collaborative intelligent intrusion detection system (CIIDS) is proposed to include both methods, since it is concluded from recent res...
Towards Automating Intrusion Alert Analysis
Traditional intrusion detection systems (IDSs) focus on low-level attacks or anomalies, and raise alerts independently, though there may be logical connections between them. In situations where there are intensive attacks, not only will actual alerts be mixed with false alerts, but the amount of alerts will also become unmanageable. As a result, it is difficult for human users or intrusion resp...
A test of intrusion alert filtering based on network information
Intrusion detection systems continue to be a promising security technology. The arguably biggest problem with today’s intrusion detection systems is the sheer number of alerts they produce for events that are regarded as benign or non-critical by system administrators. A plethora of more and less complex solutions has been proposed to filter the relevant (i.e., correct) alerts that signature ba...
Journal
Journal title: International Journal of Computer Theory and Engineering
Year: 2009
ISSN: 1793-8201
DOI: 10.7763/ijcte.2009.v1.87