Correlating Alerts Using Prerequisites of Intrusions: Towards Reducing False Alerts & Uncovering High Level Attack Strategies
Author
Abstract
Report date: 08/08/05. Report type and dates covered: Final progress report, 07/01/02 – 05/31/05.
Similar resources
Correlating Alerts Using Prerequisites of Intrusions
Intrusion detection has been studied for about twenty years since Anderson's report. However, intrusion detection techniques are still far from perfect. Current intrusion detection systems (IDSs) usually generate a large amount of false alerts and cannot fully detect novel attacks or variations of known attacks. In addition, all the existing IDSs focus on low-level attacks or anomalies; non...
Full text
An Intrusion Alert Correlator Based on Prerequisites of Intrusions
Current intrusion detection systems (IDSs) usually focus on detecting low-level attacks and/or anomalies; none of them can capture the logical steps or attack strategies behind these attacks. Consequently, the IDSs usually generate a large amount of alerts. In situations where there are intensive intrusive actions, not only will actual alerts be mixed with false alerts, but the amount of alerts...
Full text
Towards Automating Intrusion Alert Analysis
Traditional intrusion detection systems (IDSs) focus on low-level attacks or anomalies, and raise alerts independently, though there may be logical connections between them. In situations where there are intensive attacks, not only will actual alerts be mixed with false alerts, but the amount of alerts will also become unmanageable. As a result, it is difficult for human users or intrusion resp...
Full text
Analyzing Intensive Intrusion Alerts via Correlation
Traditional intrusion detection systems (IDSs) focus on low-level attacks or anomalies, and raise alerts independently, though there may be logical connections between them. In situations where there are intensive intrusions, not only will actual alerts be mixed with false alerts, but the amount of alerts will also become unmanageable. As a result, it is difficult for human users or intrusion r...
Full text
A Toolkit for Intrusion Alerts Correlation Based on Prerequisites and Consequences of Attacks
CUI, YUN. A Toolkit for Intrusion Alerts Correlation Based on Prerequisites and Consequences of Attacks. (Under the direction of Dr. Peng Ning.) Intrusion Detection has been studied for about twenty years. Intrusion Detection Systems (IDSs) are usually considered the second line of defense to protect against malicious activities along with the prevention-based security mechanisms such as authen...
Full text