Correlation analysis system using VA data, IDS alerts

Cited by: 0
Authors
Lee, Jong-Hyouk [1 ]
Chung, Tai-Myung [1 ]
Affiliations
[1] Sungkyunkwan Univ, Dept Comp Engn, Internet Management Technol Lab, Suwon 440746, Gyeonggi, South Korea
Keywords
correlation; vulnerability; IDS;
DOI: none
CLC classification: T [Industrial Technology];
Subject classification: 08;
Abstract
We propose a novel framework named Correlation Analysis System (CAS) that uses vulnerability assessment data and IDS alerts. Traditional IDSs focus on low-level attacks or anomalies and raise alerts independently, even though there may be logical connections between them. In situations where there are intensive intrusions, not only will actual alerts be mixed with false alerts, but the volume of alerts will also become unmanageable. We propose CAS, which combines vulnerability assessment data with IDS alerts, to reduce false positives and negatives. This provides an effective means of lowering the number of false positives and negatives that an administrator has to deal with. It also improves the results of alert correlation systems by cleaning their input data of spurious attacks. We have developed an active verification system based on Snort and Nessus. As the current implementation stands, it is a useful tool for reducing the false alarm rate of Snort.
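The verification step the abstract describes, checking each Snort alert against the Nessus view of the target host, as an added example that is not the paper's own code. The alert and scan shapes, the vulnerability labels and the sample data are all constructed here; an alert is only downgraded when the target was scanned recently and is not exposed, so missing or stale VA data never suppresses an alert.

```python
from datetime import datetime, timedelta
from typing import NamedTuple

class Alert(NamedTuple):
    sid: int    # Snort rule id
    dst: str    # attacked host
    dport: int  # attacked port
    vuln: str   # vulnerability the rule detects (constructed label)

def verify_alert(alert, scans, findings, now, max_age=timedelta(days=7)):
    """Classify one alert against vulnerability assessment data.

    scans:    {host: time of the last scan of that host}
    findings: {(host, port, vuln)} reported vulnerable by those scans
    """
    scanned = scans.get(alert.dst)
    if scanned is None or now - scanned > max_age:
        return "unverified"      # no fresh VA data: never suppress on a guess
    if (alert.dst, alert.dport, alert.vuln) in findings:
        return "verified"        # target really is exposed: escalate
    return "false_positive"      # scanned recently and not vulnerable: downgrade

def triage(alerts, scans, findings, now):
    """Group alerts by verdict; returns {verdict: [alerts]}."""
    out = {"verified": [], "false_positive": [], "unverified": []}
    for a in alerts:
        out[verify_alert(a, scans, findings, now)].append(a)
    return out

# Constructed sample data, not real scanner or sensor output.
NOW = datetime(2024, 1, 10)
SCANS = {"10.0.0.5": NOW - timedelta(days=1), "10.0.0.9": NOW - timedelta(days=30)}
FINDINGS = {("10.0.0.5", 80, "web-cgi-overflow")}
ALERTS = [
    Alert(1001, "10.0.0.5", 80, "web-cgi-overflow"),   # real exposure
    Alert(1002, "10.0.0.5", 21, "ftp-bounce"),         # host has no such flaw
    Alert(1003, "10.0.0.9", 80, "web-cgi-overflow"),   # scan is stale
    Alert(1004, "10.0.0.7", 22, "ssh-old-version"),    # host never scanned
]

if __name__ == "__main__":
    for verdict, items in triage(ALERTS, SCANS, FINDINGS, NOW).items():
        print(verdict, [a.sid for a in items])
```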
Pages: 1600 / 1603
Page count: 4
Related papers
50 items in total
  • [1] Modeling Alerts for IDS Correlation
    Roschke, Sebastian
    Cheng, Feng
    Meinel, Christoph
    [J]. JOURNAL OF INFORMATION ASSURANCE AND SECURITY, 2011, 6 (02): : 98 - 105
  • [2] IDS alerts correlation using grammar-based approach
    Al-Mamory, Safaa O.
    Zhang, Hongli
    [J]. JOURNAL OF COMPUTER VIROLOGY AND HACKING TECHNIQUES, 2009, 5 (04): : 271 - 282
  • [3] Classifying IDS Alerts Automatically for use in Correlation Systems
    MirShahJafari, Mohammad
    Ghavamnia, Hamed
    [J]. 2014 11TH INTERNATIONAL ISC CONFERENCE ON INFORMATION SECURITY AND CRYPTOLOGY (ISCISC), 2014, : 126 - 130
  • [4] Using Alert Cluster to reduce IDS Alerts
    Njogu, Humphrey Waita
    Luo Jiawei
    [J]. PROCEEDINGS OF 2010 3RD IEEE INTERNATIONAL CONFERENCE ON COMPUTER SCIENCE AND INFORMATION TECHNOLOGY (ICCSIT 2010), VOL 5, 2010, : 467 - 471
  • [5] Heterogeneous Multi-sensor IDS Alerts Aggregation using Semantic Analysis
    Saad, Sherif
    Traore, Issa
    [J]. JOURNAL OF INFORMATION ASSURANCE AND SECURITY, 2012, 7 (02): : 79 - 88
  • [6] Adaptive IDS Alerts Correlation according to the traffic type and the attacks properties
    Sourour, Meharouech
    Adel, Bouhoula
    Tarek, Abbes
    [J]. 2009 IEEE INTERNATIONAL ADVANCE COMPUTING CONFERENCE, VOLS 1-3, 2009, : 1652 - 1657
  • [7] On the sufficiency of time-based correlation for signature-based IDS alerts
    Neville, SW
    [J]. 2003 IEEE PACIFIC RIM CONFERENCE ON COMMUNICATIONS, COMPUTERS, AND SIGNAL PROCESSING, VOLS 1 AND 2, CONFERENCE PROCEEDINGS, 2003, : 836 - 839
  • [8] REAL-TIME CLASSIFICATION OF IDS ALERTS WITH DATA MINING TECHNIQUES
    Vaarandi, Risto
    [J]. MILCOM 2009 - 2009 IEEE MILITARY COMMUNICATIONS CONFERENCE, VOLS 1-4, 2009, : 1786 - 1792
  • [9] Analysis of IDS alerts by generalising features and discovering emerging patterns
    Maleki, Mahdi
    Shahidi, Seyed Mansour
    [J]. International Journal of Reasoning-based Intelligent Systems, 2022, 14 (01): : 56 - 65
  • [10] Using Neuro-Fuzzy Techniques to Reduce False Alerts in IDS
    Gaonjur, Pravesh
    Tarapore, N. Z.
    Pukale, S. G.
    Dhore, M. L.
    [J]. PROCEEDINGS OF THE 2008 16TH INTERNATIONAL CONFERENCE ON NETWORKS, 2008, : 505 - 510