Strategic Alert Throttling for Intrusion Detection Systems
Similar resources
Strategic Alert Throttling for Intrusion Detection Systems
Network intrusion detection systems are themselves becoming targets of attackers. Alert flood attacks may be used to conceal malicious activity by hiding it among a deluge of false alerts sent by the attacker. Although these types of attacks are very hard to stop completely, our aim is to present techniques that improve alert throughput and capacity to such an ext...
Adaptive Alert Throttling for Intrusion Detection Systems
Each time that an intrusion detection system raises an alert it must make some attempt to communicate the information to an operator. This communication channel can easily become the target of a denial of service attack because, like all communication channels, it has a fixed capacity. If this channel can become overwhelmed with bogus data, an attacker can quickly achieve complete neutralisatio...
Multistep Attack Detection and Alert Correlation in Intrusion Detection Systems
A growing trend in the cybersecurity landscape is represented by multistep attacks that involve multiple correlated intrusion activities to reach the intended target. The duty of correlating security alerts and reconstructing complete attack scenarios is left to system administrators because current Network Intrusion Detection Systems (NIDS) are still oriented to generate alerts related to sing...
Asynchronous Alert Correlation in Multi-agent Intrusion Detection Systems
This paper presents a conceptual model, architecture and software prototype of a multi-agent intrusion detection system (IDS) operating on the basis of heterogeneous alert correlation. The latter term denotes IDS provided with a structure of anomaly detection–like classifiers designed for detection of intrusions in cooperative mode. An idea is to use a structure of classifiers operating on the ba...
Reliable Alert Fusion of Multiple Intrusion Detection Systems
Alert Fusion is a process of combining alerts from multiple Intrusion Detection Systems to make a decision about the presence of attack or intrusion. A reliable decision from an alert fusion requires that Intrusion detectors involved in the fusion process generate fully reliable alerts. The unreliable alerts from intrusion detectors may completely mislead the decision making process. The exis...
Journal
Journal title: SSRN Electronic Journal
Year: 2005
ISSN: 1556-5068
DOI: 10.2139/ssrn.2832016