Managing Alerts in a Multi-Intrusion Detection Environment

Author

  • Frédéric Cuppens
Abstract

There are several approaches to intrusion detection, but none of them is fully satisfactory. They generally generate too many false positives, and the alerts are too elementary and not accurate enough to be managed directly by a security administrator. A promising approach is to develop a cooperation module that analyzes alerts and generates more global and synthetic alerts. This paper presents the work we did in this context within the MIRADOR project. We suggest specifications for three functions: alert base management, alert clustering and alert merging. The approach is compliant with the IDMEF format currently being defined at the IETF.


Similar resources

Real-Time intrusion detection alert correlation and attack scenario extraction based on the prerequisite consequence approach

Alert correlation systems attempt to discover the relations among alerts produced by one or more intrusion detection systems to determine the attack scenarios and their main motivations. In this paper a new IDS alert correlation method is proposed that can be used to detect attack scenarios in real-time. The proposed method is based on a causal approach due to the strength of causal methods in ...


Alert correlation and prediction using data mining and HMM

Intrusion Detection Systems (IDSs) are security tools widely used in computer networks. While they seem to be promising technologies, they pose some serious drawbacks: When utilized in large and high traffic networks, IDSs generate high volumes of low-level alerts which are hardly manageable. Accordingly, there emerged a recent track of security research, focused on alert correlation, which ext...


Using a Deep Understanding of Network Activities for Security Event Management

With the growing deployment of host-based and network-based intrusion detection systems in increasingly large and complex communication networks, managing low-level alerts from these systems becomes critically important. Probes of multiple distributed firewalls (FWs), intrusion detection systems (IDSs) or intrusion prevention systems (IPSs) are collected throughout a monitored network such that...


A Data Mining Analysis of RTID Alarms

IBM's Emergency Response Service provides real-time intrusion detection (RTID) services through the Internet for a variety of clients. As the number of clients increases, the volume of alerts generated by the RTID sensors becomes intractable. This problem is aggravated by the fact that some sensors may generate hundreds or even thousands of innocent alerts per day. With an eye towards managing ...


Enriching Intrusion Alerts Through Multi-Host Causality

Current intrusion detection systems point out suspicious states or events but do not show how the suspicious state or events relate to other states or events in the system. We show how to enrich an IDS alert with information about how those alerts causally lead to or result from other events in the system. By enriching IDS alerts with this type of causal information, we can leverage existing ID...


Publication date: 2001