Context-aware Alert Verification for Network Security using the Extension Method based on Basic-Elements
نویسندگان
چکیده
As for network security, post-IDS alert analysis has become a fashion in view of collaboration and correlation, and context-aware alert verification is one of the main solutions. In order to guarantee a unified representation of related information and knowledge, this paper tries to introduce basic-elements and the extension method into the study on context-aware alert verification. This paper then proposes the use of basic-elements to realize the formal presentation of alert information and context information in a unified manner, and applies the extension method based on basic-elements for context-aware alert verification by utilizing the extension set and the extension analysis. The evaluation result of validation scenarios shows that, the proposed approach prospects a formalized way to context-aware alert verification for network security with an appropriate use of the extension method based on basic-elements.
منابع مشابه
Context-aware Modeling for Spatio-temporal Data Transmitted from a Wireless Body Sensor Network
Context-aware systems must be interoperable and work across different platforms at any time and in any place. Context data collected from wireless body area networks (WBAN) may be heterogeneous and imperfect, which makes their design and implementation difficult. In this research, we introduce a model which takes the dynamic nature of a context-aware system into consideration. This model is con...
متن کاملReal-Time intrusion detection alert correlation and attack scenario extraction based on the prerequisite consequence approach
Alert correlation systems attempt to discover the relations among alerts produced by one or more intrusion detection systems to determine the attack scenarios and their main motivations. In this paper a new IDS alert correlation method is proposed that can be used to detect attack scenarios in real-time. The proposed method is based on a causal approach due to the strength of causal methods in ...
متن کاملA semantic-aware role-based access control model for pervasive computing environments
Access control in open and dynamic Pervasive Computing Environments (PCEs) is a very complex mechanism and encompasses various new requirements. In fact, in such environments, context information should be used in access control decision process; however, it is not applicable to gather all context information completely and accurately all the time. Thus, a suitable access control model for PCEs...
متن کاملFace Detection with methods based on color by using Artificial Neural Network
The face Detection methodsis used in order to provide security. The mentioned methods problems are that it cannot be categorized because of the great differences and varieties in the face of individuals. In this paper, face Detection methods has been presented for overcoming upon these problems based on skin color datum. The researcher gathered a face database of 30 individuals consisting of ov...
متن کاملAlert correlation and prediction using data mining and HMM
Intrusion Detection Systems (IDSs) are security tools widely used in computer networks. While they seem to be promising technologies, they pose some serious drawbacks: When utilized in large and high traffic networks, IDSs generate high volumes of low-level alerts which are hardly manageable. Accordingly, there emerged a recent track of security research, focused on alert correlation, which ext...
متن کامل