Information Modeling for Intrusion Report Aggregation

Authors

  • Robert P. Goldman
  • Walter Heimerdinger
  • Steven A. Harp
  • Christopher W. Geib
  • Vicraj Thomas
  • Robert L. Carter
Abstract

This paper describes the SCYLLARUS approach to fusing reports from multiple intrusion detection systems (IDSes) to provide an overall approach to intrusion situation awareness. The overall view provided by SCYLLARUS centers around the site's security goals, aggregating large numbers of individual IDS reports based on their impact on those goals. This view reduces information overload by aggregating multiple IDS reports into a top-down view, and reduces false positives by weighing the evidence provided by multiple IDSes and other information sources. Unlike previous efforts in this area, SCYLLARUS is centered around its Intrusion Reference Model (IRM). The SCYLLARUS IRM contains both dynamic and static (configuration) information. The static portion of the IRM comprises a Network Entity/Relationship Database (NERD), providing information about the site's hardware and software; a Security Goal Database, describing the site's objectives and security policy; and an Event Dictionary, describing important events, both intrusions and benign. The dynamic portion comprises the set of IDS reports, the events SCYLLARUS hypothesizes to explain them, and the resulting judgment of the state of the site's security goals.
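The following is an added example, not code from the SCYLLARUS paper, showing how the static/dynamic split of the IRM described above can be put to work: a static network entity database, security goal database and event dictionary, and a dynamic layer that maps raw IDS reports onto hypothesized events and then judges each security goal. The hosts, sensors, signature names, the five sample alerts and the evidence-counting rule (two independent sensors corroborating an event marks a goal compromised, one sensor only makes it suspect) are all constructed assumptions for illustration, not the paper's actual inference method.

```python
"""Aggregating IDS reports through a small intrusion reference model.

Added example for this page, not code from the SCYLLARUS paper. The IRM is
split the way the abstract describes: a static part (network entities, security
goals, event dictionary) and a dynamic part (IDS reports, hypothesized events,
goal judgments). Hosts, sensors, signatures and the evidence-counting rule are
all constructed assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass

# --- static IRM (constructed) -------------------------------------------

# NERD: what each host is and which services it runs.
NERD = {
    "web1": {"os": "linux", "services": {"http", "ssh"}},
    "db1": {"os": "linux", "services": {"postgres"}},
    "ws7": {"os": "windows", "services": {"smb"}},
}

# Security goals: which hosts each goal depends on.
GOALS = {
    "web-availability": {"web1"},
    "customer-data-confidentiality": {"db1"},
}

# Event dictionary: for each event, the sensor:signature pairs that report it,
# the goals it threatens (empty for benign events) and the services the target
# must run for the event to be possible at all.
EVENT_DICT = {
    "ssh-bruteforce": {
        "signatures": {"snortA:SSH_BRUTE", "hostB:FAILED_LOGINS"},
        "threatens": ["web-availability"],
        "needs": {"ssh"},
    },
    "sql-exfil": {
        "signatures": {"snortA:SQL_DUMP", "netflowC:LARGE_EGRESS"},
        "threatens": ["customer-data-confidentiality"],
        "needs": {"postgres"},
    },
    "smb-scan": {"signatures": {"snortA:SMB_SCAN"}, "threatens": [], "needs": {"smb"}},
    # Benign explanation that competes with sql-exfil for the same netflow alert.
    "backup-job": {"signatures": {"netflowC:LARGE_EGRESS"}, "threatens": [], "needs": set()},
}

RANK = {"ok": 0, "suspect": 1, "compromised": 2}

# --- dynamic IRM ---------------------------------------------------------

@dataclass(frozen=True)
class Report:
    """One raw IDS alert: which sensor fired, which signature, against which host."""
    sensor: str
    signature: str
    target: str


def hypothesize(reports):
    """Map raw reports onto candidate events.

    Returns {(event, host): set_of_sensors}. A report supports an event when
    the event dictionary lists its sensor:signature and the NERD says the
    target runs the services the event needs; an alert against a host that
    cannot be affected is dropped as a probable false positive.
    """
    support = defaultdict(set)
    for r in reports:
        host = NERD.get(r.target)
        if host is None:
            continue  # nothing in the NERD to relate this alert to
        key = f"{r.sensor}:{r.signature}"
        for event, spec in EVENT_DICT.items():
            if key in spec["signatures"] and spec["needs"] <= host["services"]:
                support[(event, r.target)].add(r.sensor)
    return dict(support)


def assess_goals(support):
    """Judge each security goal from the hypothesized events.

    Corroboration by two or more independent sensors marks a goal
    'compromised'; a single sensor only makes it 'suspect'. Events that
    threaten no goal (benign or irrelevant) never change a status.
    """
    status = {goal: "ok" for goal in GOALS}
    for (event, host), sensors in support.items():
        for goal in EVENT_DICT[event]["threatens"]:
            if host not in GOALS[goal]:
                continue
            level = "compromised" if len(sensors) >= 2 else "suspect"
            if RANK[level] > RANK[status[goal]]:
                status[goal] = level
    return status


def aggregate(reports):
    """Top-down view: goal status plus the events that explain the reports."""
    support = hypothesize(reports)
    return assess_goals(support), support


# Constructed alert stream: five raw reports from three sensors.
SAMPLE_REPORTS = [
    Report("snortA", "SSH_BRUTE", "web1"),
    Report("hostB", "FAILED_LOGINS", "web1"),   # corroborates the first alert
    Report("snortA", "SSH_BRUTE", "db1"),       # db1 runs no ssh: false positive
    Report("netflowC", "LARGE_EGRESS", "db1"),  # exfil or backup? one sensor only
    Report("snortA", "SMB_SCAN", "ws7"),        # real event, threatens no goal
]

if __name__ == "__main__":
    status, support = aggregate(SAMPLE_REPORTS)
    for goal, level in status.items():
        print(f"{goal}: {level}")
    for (event, host), sensors in sorted(support.items()):
        print(f"  {event}@{host} <- {sorted(sensors)}")
```

Five raw alerts collapse into four hypothesized events and two goal judgments. The NERD check discards the SSH brute-force alert against a host with no SSH service, the benign backup-job event survives as a competing explanation of the egress alert (so the confidentiality goal is only suspect, not compromised), and the corroborated brute force against web1 is the only thing the analyst needs to act on first.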

Similar sources

EIDA: An Energy-Intrusion aware Data Aggregation Technique for Wireless Sensor Networks

Energy consumption is considered a critical issue in wireless sensor networks (WSNs). Batteries of sensor nodes have a limited power supply, which in turn limits the services and applications they can support. An efficient solution to improve energy consumption, and even traffic, in WSNs is Data Aggregation (DA), which reduces the number of transmissions. Two main challenges for DA are: (i)...

A comprehensive experimental comparison of the aggregation techniques for face recognition

In face recognition, one of the most important problems to tackle is a large amount of data and the redundancy of information contained in facial images. There are numerous approaches attempting to reduce this redundancy. One of them is information aggregation based on the results of classifiers built on selected facial areas being the most salient regions from the point of view of classificati...

Evaluation of an Intrusion Detection System for Routing Attacks in Wireless Self-organised Networks

Wireless Sensor Networks (WSNs) are becoming increasingly popular, and very useful in military applications and environmental monitoring. However, security is a major challenge for WSNs because they are usually set up in unprotected environments. Our goal in this study is to simulate an Intrusion Detection System (IDS) that monitors the WSN and reports intrusions accurately and effectively. We have thus...

Modeling Intrusion Alerts using IDMEF Data Model

In response to the proliferation of attacks on enterprise systems today, practitioners employ multiple, diverse intrusion detection sensors to improve the detection rate and the coverage within the system for increased information assurance. An important problem in such an environment is the management of alerts. One of the essential issues in alert management is the standardization of the alert format....


Publication date: 2001