期刊名称:International Journal of Computer Science & Technology
印刷版ISSN:2229-4333
电子版ISSN:0976-8491
出版年度:2012
卷号:3
期号:4
页码:344-348
语种:English
出版社:Ayushmaan Technologies
摘要:Meta-alerts is the basis for reporting to security experts or for communication within a distributed intrusion detection system. With three benchmark data sets, we demonstrate that it is possible to achieve reduction rates of up to 99.96 percent while the number of missing meta-alerts is extremely low. In addition, meta-alerts are generated with a delay of typically only a few seconds after observing the first alert belonging to a new attack instance. Metaalerts can be generated for the clusters that contain all the relevant information whereas the amount of data (i.e., alerts) can be reduced substantially. Intrusion detection can be used to identify the types of hackers attempting to tress pass into the system, thus we use the concept of alerts to cluster the types of attacks and the further counter measures, by using the concept of firewalls. . In addition, even low rates of false alerts could easily result in a high total number of false alerts if thousands of network packets or log file entries are inspected.
