
Basic article information

  • Title: Generating Meta Alert with Intrusion Framework on IDS
  • Authors: Sivaramaiah.Y ; S.Nagarjuna Reddy
  • Journal: International Journal of Engineering and Computer Science
  • Print ISSN: 2319-7242
  • Year of publication: 2013
  • Volume: 2
  • Issue: 10
  • Pages: 3051-3060
  • Publisher: IJECS
  • Abstract: Alert aggregation is an important subtask of intrusion detection. The goal is to identify and to cluster different alerts—produced by low-level intrusion detection systems, firewalls, etc. belonging to a specific attack instance which has been initiated by an attacker at a certain point in time. Thus, meta-alerts can be generated for the clusters that contain all the relevant information whereas the amount of data (i.e., alerts) can be reduced substantially. Meta-alerts may then be the basis for reporting to security experts or for communication within a distributed intrusion detection system. We propose a novel technique for online alert aggregation which is based on a dynamic, probabilistic model of the current attack situation. Basically, it can be regarded as a data stream version of a maximum likelihood approach for the estimation of the model parameters. With three benchmark datasets, we demonstrate that it is possible to achieve reduction rates of up to 99.96 percent while the number of missing meta-alerts is extremely low. In using simulation of mobile device intrusion will attack to just display on the device. In addition, meta-alerts are generated with a delay of typically only a few seconds after observing the first alert belonging to a new attack instance.
  • Keywords: Intrusion detection ; alert aggregation ; generative modeling ; data stream algorithm