Building an Efficient Alert Management Model for Intrusion Detection Systems
Authors
Abstract
Similar resources
A Hybrid Framework for Building an Efficient Incremental Intrusion Detection System
In this paper, a boosting-based incremental hybrid intrusion detection system is introduced. This system combines incremental misuse detection and incremental anomaly detection. We use a boosting ensemble of weak classifiers to implement the misuse intrusion detection system. It can identify new classes/types of intrusions that do not exist in the training dataset for incremental misuse detection. As...
TRINETR: An Intrusion Detection Alert Management System
TRINETR: An Intrusion Detection Alert Management and Analysis System, by Jinqiao Yu. An intrusion detection system (IDS) is a software system or hardware device deployed to monitor network and host activities, including data flows and information accesses etc., to capture suspicious activities. In recent years, IDS has begun to gain wide acceptance as a necessary and worthwhile investment in security....
Strategic Alert Throttling for Intrusion Detection Systems
Network intrusion detection systems are themselves becoming targets of attackers. Alert flood attacks may be used to conceal malicious activity by hiding it among a deluge of false alerts sent by the attacker. Although these types of attacks are very hard to stop completely, our aim is to present techniques that improve alert throughput and capacity to such an ext...
Adaptive Alert Throttling for Intrusion Detection Systems
Each time that an intrusion detection system raises an alert it must make some attempt to communicate the information to an operator. This communication channel can easily become the target of a denial of service attack because, like all communication channels, it has a fixed capacity. If this channel can become overwhelmed with bogus data, an attacker can quickly achieve complete neutralisatio...
Building an Application Data Behavior Model for Intrusion Detection
Application level intrusion detection systems usually rely on the immunological approach. In this approach, the application behavior is compared at runtime with a previously learned application profile of the sequence of system calls it is allowed to emit. Unfortunately, this approach cannot detect anything but control flow violation and thus remains helpless in detecting the attacks that aim p...
Journal
Journal title: Advances in Science, Technology and Engineering Systems Journal
Year: 2018
ISSN: 2415-6698
DOI: 10.25046/aj030103