
Basic article information

  • Title: Improving the management of IDS alerts
  • Authors: Tu Hoang Nguyen; JiaWei Luo; Humphrey Waita Njogu
  • Journal: International Journal of Security and Its Applications
  • Print ISSN: 1738-9976
  • Year of publication: 2014
  • Volume: 8
  • Issue: 3
  • Pages: 393-406
  • DOI: 10.14257/ijsia.2014.8.3.38
  • Publisher: SERSC
  • Abstract: Intrusion Detection Systems (IDSs) play a very crucial role in minimizing the damage caused by different computer attacks. In fact, most IDSs are capable of detecting many attacks, but often appear problematic because of triggering a huge number of non-interesting alerts, which diminish the value and urgency of interesting alerts. The analysts who review the alerts rarely look at the voluminous alerts until a sign is reported by other security means, because it is a laborious and challenging task to identify the interesting alerts. This has led to the emergence of many approaches to manage the overwhelming number of alerts. The existing approaches suffer from several limitations. This paper conducts a comprehensive study and evaluation of the key approaches that aim to manage the huge number of alerts in order to identify some research gaps that will objectively motivate researchers to come up with better approaches. At the end of the review, this paper suggests a strategy that can be exploited in order to improve the quality of final alerts.
  • Keywords: Intrusion detection systems; Alert classification; Alert correlation; Knowledge-based alert filtering