Managing alerts in a multi-intrusion detection environment

Cited by: 68
Author
Cuppens, F [1 ]
Affiliation
[1] ONERA Toulouse, F-31055 Toulouse, France
Keywords
IDS; IDMEF; DTD; cooperative intrusion detection; alert clustering; alert merging;
DOI
10.1109/ACSAC.2001.991518
Chinese Library Classification
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
There are several approaches to intrusion detection, but none of them is fully satisfactory. They generally generate too many false positives, and the alerts they produce are too elementary and not accurate enough to be managed directly by a security administrator. A promising approach is to develop a cooperation module that analyzes alerts and generates more global, synthetic alerts. This paper presents the work we did in this context within the MIRADOR project. We suggest specifications for three functions: alert base management, alert clustering and alert merging. The approach is compliant with the IDMEF format currently being defined at the IETF.
Pages: 22 / 31
Page count: 10
Related papers
50 items in total
  • [31] AlertWheel: Radial Bipartite Graph Visualization Applied to Intrusion Detection System Alerts
    Dumas, Maxime
    Robert, Jean-Marc
    McGuffin, Michael J.
    [J]. IEEE NETWORK, 2012, 26 (06): 12 - 18
  • [32] Correlating intrusion detection alerts on bot malware infections using neural network
    Kidmose, Egon
    Stevanovic, Matija
    Pedersen, Jens Myrup
    [J]. 2016 INTERNATIONAL CONFERENCE ON CYBER SECURITY AND PROTECTION OF DIGITAL SERVICES (CYBER SECURITY), 2016.
  • [33] AIDA Framework: Real-Time Correlation and Prediction of Intrusion Detection Alerts
    Husak, Martin
    Kaspar, Jaroslav
    [J]. 14TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY (ARES 2019), 2019.
  • [34] Environment-sensitive intrusion detection
    Giffin, JT
    Dagon, D
    Jha, S
    Lee, W
    Miller, BP
    [J]. RECENT ADVANCES IN INTRUSION DETECTION, 2006, 3858: 185 - 206
  • [35] An introduction to intrusion detection in the wireless environment
    Wilder, AD
    Shanmugasundaram, V
    [J]. PROCEEDINGS OF THE ISCA 20TH INTERNATIONAL CONFERENCE ON COMPUTERS AND THEIR APPLICATIONS, 2005: 109 - 114
  • [36] A Comparative Study of Different Fuzzy Classifiers for Cloud Intrusion Detection Systems' Alerts
    Alqahtani, Saeed M.
    John, Robert
    [J]. PROCEEDINGS OF 2016 IEEE SYMPOSIUM SERIES ON COMPUTATIONAL INTELLIGENCE (SSCI), 2016.
  • [37] Using homomorphic encryption for privacy-preserving clustering of intrusion detection alerts
    Spathoulas, Georgios
    Theodoridis, Georgios
    Damiris, Georgios-Paraskevas
    [J]. INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 2021, 20 (03): 347 - 370
  • [38] An Analysis of Correlations of Intrusion Alerts in an NREN
    Bartos, Vaclav
    Zadnik, Martin
    [J]. 2014 IEEE 19TH INTERNATIONAL WORKSHOP ON COMPUTER AIDED MODELING AND DESIGN OF COMMUNICATION LINKS AND NETWORKS (CAMAD), 2014: 305 - 309
  • [39] Multi-level Intrusion detection system in cloud environment based on trust level
    Salek, Zahra
    Madani, Fariborz Mousavi
    [J]. 2016 6TH INTERNATIONAL CONFERENCE ON COMPUTER AND KNOWLEDGE ENGINEERING (ICCKE), 2016: 94 - 99
  • [40] Alerts for managing postpartum haemorrhage
    Fawcus, S.
    [J]. SAMJ SOUTH AFRICAN MEDICAL JOURNAL, 2018, 108 (12): 1013 - 1017