Journal: International Journal of Computer Science and Communication Networks
Electronic ISSN: 2249-5789
Year of publication: 2012
Volume: 2
Issue: 4
Pages: 520-525
Publisher: Technopark Publications
Abstract: Online intrusion detection systems play an important role in protecting IT systems. Tools such as Snort and firewalls also detect intrusions. Such intrusion detection systems provide feedback in the form of alerts. However, the number of alerts is large, and security personnel are often overwhelmed by such voluminous messages, which makes it difficult for them to take decisions immediately. They need time to analyze the alerts and reach a conclusion about which actions to take. Estimating the security risk and resolving the security problem depend on a quick understanding of the alerts. The bulk of alerts produced by low-level intrusion detection systems makes it time consuming to arrive at decisions. To overcome this problem, the alerts provided by low-level detection systems can be aggregated programmatically, and the summarized alerts given to security personnel so that they can draw conclusions quickly and take the required actions. We propose a new technique for online alert aggregation based on a dynamic, probabilistic model. The solution is based on a data-stream version of the maximum likelihood approach. The empirical results revealed that the proposed solution is effective and useful.
Keywords: Online intrusion detection; data streaming; probabilistic model; alert aggregation