Managing alerts in a multi-intrusion detection environment

Cited by: 68
Authors
Cuppens, F. [1]
Affiliation
[1] ONERA Toulouse, F-31055 Toulouse, France
Keywords
IDS; IDMEF; DTD; cooperative intrusion detection; alert clustering; alert merging;
DOI
10.1109/ACSAC.2001.991518
CLC classification number
TP [Automation technology, computer technology];
Discipline classification number
0812 ;
Abstract
There are several approaches to intrusion detection, but none of them is fully satisfactory. They generally generate too many false positives, and the alerts are too elementary and not accurate enough to be managed directly by a security administrator. A promising approach is to develop a cooperation module that analyzes alerts and generates more global and synthetic alerts. This paper presents the work we did in this context within the MIRADOR project. We suggest specifications for three functions: alert base management, alert clustering and alert merging. The approach is compliant with the IDMEF format currently being defined at the IETF.
Pages: 22 / 31
Page count: 10