Integrating Multiple Information Resources to Analyze Intrusion Alerts
Authors: Zhai, Yan

Abstract
ZHAI, YAN. Integrating Multiple Information Resources to Analyze Intrusion Alerts. (Under the direction of Associate Professor Peng Ning.) Intrusion detection systems (IDSs) are important components of network security. However, it is well known that current IDSs generate a large number of alerts, including both true and false alerts. Rather than proposing new techniques to detect intrusions without such problems, this thesis presents work we have done to improve the study of IDS alerts by incorporating other sources of relevant information. In particular, the work covers four issues. The first issue is to integrate and reason about IDS alerts together with reports from system monitoring or vulnerability scanning tools (discussed in Chapter 3). To facilitate the modeling of intrusion evidence, this approach classifies intrusion evidence as either event-based evidence or state-based evidence. Event-based evidence refers to observations (or detections) of intrusive actions (e.g., IDS alerts), while state-based evidence refers to observations of the effects of intrusions on system states. Based on the interdependency between event-based and state-based evidence, we developed techniques to automatically integrate complementary evidence into Bayesian networks and to reason about uncertain or unknown intrusion evidence based on verified evidence. The second issue is the study of the robustness of the Bayesian analysis framework toward inaccuracies in the assignment of prior confidence, using sensitivity analysis and qualitative analysis (discussed in Chapter 4). By performing sensitivity analysis and qualitative analysis on the Bayesian networks used to reason about intrusion evidence, we can measure or approximate each piece of evidence's influence on the reasoning results. Such a study of the framework's robustness properties can provide guidelines for evidence collection and analysis.
The third issue is to improve alert correlation by integrating alert correlation techniques with OS-level object dependency tracking (discussed in Chapter 5). With the support of more detailed and precise information from OS-level event logs, higher accuracy in alert correlation can be achieved. The chapter also discusses the application of such integration in making hypotheses about possibly missed attacks. The fourth issue is to correlate intrusion alerts and other security event information from multiple heterogeneous sources while protecting the privacy of each participating party (discussed in Chapter 6). Based on a sanitization scheme utilizing both generalization and randomization, we propose several techniques to flexibly balance privacy protection against the analysis capability of the sanitized data. We also study the various analyses supported by the sharing framework and its security against several different types of attacks. Finally, the conclusion of the dissertation is provided and future work is pointed out.