Complete research information in the university data repository

Research title (Papers / Research Title)


A Survey on IDS Alerts Processing Techniques


Publisher / Editor / Author (Author / Editor / Publisher)

 
صفاء عبيس مهدي المعموري

Citation Information


صفاء عبيس مهدي المعموري, A Survey on IDS Alerts Processing Techniques, Time 6/13/2011 5:55:41 AM : College of Information Technology

Abstract description (Abstract)


A Survey on IDS Alerts Processing Techniques

Full description (Full Abstract)


A Survey on IDS Alerts Processing Techniques


SAFAA O. AL-MAMORY, HONG LI ZHANG

School of Computer Science, Harbin Institute of Technology, Harbin 150001, China

Safaa_vb@yahoo.com, zhl@pact518.hit.edu.cn


 
Abstract:-
 
 
When an attacker tries to penetrate the network, there are many defensive systems, including intrusion detection systems (IDSs). Most IDSs are capable of detecting many attacks, but cannot give the analyst a clear picture because of the huge number of false alerts these systems generate. This weakness of the IDS has led to the emergence of many methods to deal with these alerts, minimize them and highlight the real attacks. The field has reached a stage where a comprehensive stock-taking of the research results is needed, so that further research in this area can be motivated objectively to fill the gaps that still exist.
 
 
Key-Words: Network security, intrusion detection, alert correlation, alert reduction, attacks, scenarios.
 
 
Introduction :-


After about twenty years of IDS development, the research results obtained have led the scientific community to conclude that further research is needed to fine-tune these systems. Large organizations and companies are already deploying different models of IDS from different vendors. The IDSs produce an unmanageable amount of alerts. Inspecting thousands of alerts per day [1] is unfeasible, especially if 99% of them are false positives [2]. Because of this, research on IDSs during the last few years has focused on how to handle alerts. The main objectives of this work are: to reduce the amount of false alerts, study the causes of these false positives, recognize high-level attack scenarios, and finally provide a coherent response to attacks by understanding the relationships between different alerts. To achieve good recognition of attacks, data needs to be collected from various sources such as host IDS, network IDS, routers, anti-virus software and others, as shown in Fig. 1. As can be seen in Fig. 1, many sources generate alerts, and IDMEF [3] is the language that standardizes (normalizes) these alerts into a unified format. Then alert pre-processing techniques are applied to mitigate the influence of false alerts. After that, the resulting alerts are correlated to build attack scenarios and generate reports for the analyst so that attacks can be prevented from completing (where possible).
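The three-stage pipeline the introduction outlines (normalize heterogeneous sensor output, pre-process to shrink the alert volume, correlate the remainder into scenarios) can be sketched end to end in a few dozen lines. The following Python is an added illustration, not code from the paper or from any IDS product: the common record layout is a deliberately simplified stand-in for IDMEF, and the sample alerts from the three hypothetical sensors (`nids`, `hids`, `router`), the 60-second reduction window and the 10-minute scenario gap are all constructed for this example.

```python
"""Toy alert-processing pipeline: normalize -> reduce -> correlate.

Added illustration of the pipeline described in the introduction. The record
layout is a simplified stand-in for IDMEF, and the sample alerts, sensor
names and thresholds are constructed for this example only.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed raw alerts from three hypothetical sources, each in its own shape.
RAW_ALERTS = [
    {"src": "nids", "ts": "2011-06-13T05:50:00", "sig": "PORTSCAN", "from": "10.0.0.5", "to": "10.0.0.20"},
    {"src": "nids", "ts": "2011-06-13T05:50:05", "sig": "PORTSCAN", "from": "10.0.0.5", "to": "10.0.0.20"},
    {"src": "nids", "ts": "2011-06-13T05:50:09", "sig": "PORTSCAN", "from": "10.0.0.5", "to": "10.0.0.20"},
    {"src": "nids", "ts": "2011-06-13T05:52:00", "sig": "EXPLOIT_ATTEMPT", "from": "10.0.0.5", "to": "10.0.0.20"},
    {"src": "hids", "time": "2011-06-13 05:53:30", "event": "NEW_ROOT_SHELL", "host": "10.0.0.20", "peer": "10.0.0.5"},
    {"src": "router", "line": "2011-06-13 05:40:00 DENY 192.0.2.7 -> 10.0.0.21"},
]


def _parse(text, fmt):
    return datetime.strptime(text, fmt)


def normalize(raw):
    """Map each source's native shape onto one common record (constructed layout)."""
    sensor = raw["src"]
    if sensor == "nids":
        return {"time": _parse(raw["ts"], "%Y-%m-%dT%H:%M:%S"), "sensor": sensor,
                "name": raw["sig"], "src_ip": raw["from"], "dst_ip": raw["to"]}
    if sensor == "hids":
        # The host sensor reports the peer that connected; treat it as the source.
        return {"time": _parse(raw["time"], "%Y-%m-%d %H:%M:%S"), "sensor": sensor,
                "name": raw["event"], "src_ip": raw["peer"], "dst_ip": raw["host"]}
    if sensor == "router":
        date, clock, action, src_ip, _arrow, dst_ip = raw["line"].split()
        return {"time": _parse(date + " " + clock, "%Y-%m-%d %H:%M:%S"), "sensor": sensor,
                "name": action, "src_ip": src_ip, "dst_ip": dst_ip}
    raise ValueError("unknown source: %s" % sensor)


def reduce_alerts(alerts, window=timedelta(seconds=60)):
    """Pre-processing step: collapse repeats of the same (name, src, dst) seen
    within `window` of the first occurrence into one record with a count."""
    reduced = []
    for alert in sorted(alerts, key=lambda a: a["time"]):
        for rec in reduced:
            same_key = (rec["name"], rec["src_ip"], rec["dst_ip"]) == \
                       (alert["name"], alert["src_ip"], alert["dst_ip"])
            if same_key and alert["time"] - rec["time"] <= window:
                rec["count"] += 1
                rec["last"] = alert["time"]
                break
        else:
            reduced.append(dict(alert, count=1, last=alert["time"]))
    return reduced


def correlate(reduced, gap=timedelta(minutes=10)):
    """Correlation step: chain reduced alerts from the same source IP into a
    scenario; a new scenario starts when the pause since the previous step
    exceeds `gap`."""
    by_src = defaultdict(list)
    for rec in sorted(reduced, key=lambda a: a["time"]):
        by_src[rec["src_ip"]].append(rec)
    scenarios = []
    for src_ip, steps in by_src.items():
        current = [steps[0]]
        for prev, step in zip(steps, steps[1:]):
            if step["time"] - prev["last"] > gap:
                scenarios.append({"src_ip": src_ip, "steps": current})
                current = []
            current.append(step)
        scenarios.append({"src_ip": src_ip, "steps": current})
    return scenarios


def run_pipeline(raw_alerts=RAW_ALERTS):
    normalized = [normalize(r) for r in raw_alerts]
    reduced = reduce_alerts(normalized)
    return normalized, reduced, correlate(reduced)


def scenario_summary(scenarios):
    """Compact analyst view: source IP -> ordered list of step names."""
    return {s["src_ip"]: [step["name"] for step in s["steps"]] for s in scenarios}


if __name__ == "__main__":
    normalized, reduced, scenarios = run_pipeline()
    print(len(normalized), "normalized alerts,", len(reduced), "after reduction")
    for src_ip, names in scenario_summary(scenarios).items():
        print(src_ip, ":", " -> ".join(names))
```

On the constructed input the three port-scan repeats collapse into a single record with a count of three, and the scan, exploit attempt and host-side root-shell event from the same source chain into one three-step scenario while the unrelated router deny stays on its own. The keys used for reduction and correlation (signature name plus address pair, then source address plus time gap) are the simplest choices; the survey's point is that real systems differ mainly in how those keys and windows are chosen.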


 