期刊名称:International Journal of Hybrid Information Technology
印刷版ISSN:1738-9968
出版年度:2014
卷号:7
期号:6
页码:395-410
DOI:10.14257/ijhit.2014.7.6.34
出版社:SERSC
摘要:Lack of effective alert management technique to verify, identify and prioritize alerts is a well-known problem that severely degrades the worthiness of Intrusion Detection Systems (IDSs). IDSs often appear problematic because of triggering huge number of non-interesting alerts which diminish the value and urgency of interesting alerts. An average commercial IDS reports tens of thousands alerts per day. Analysts rarely look at the voluminous alerts until a sign is reported by other security means because it is laborious and challenging task to identify interesting alerts. Alerts evaluated in this manner are often unverified, mis- prioritized, misinterpreted, ignored, misclassified, delayed and are given undue attention. So far none of the current alert management techniques appear to be effective. In this paper, we present our approach to verify, identify and prioritize alerts based on post processing of alerts. Central to our approach is the computation of new alert metrics in order to further describe and understand interestingness of alerts. We synergized Alert Verification and Alert Prioritization techniques to build an effective alert management technique. Our approach gives superior results when compared to other alert management techniques.
关键词:Improving Alert Quality; New Alert Metrics; Alert Classification; Intrusion ; Detection Systems