期刊名称:International Journal of Computer Technology and Applications
电子版ISSN:2229-6093
出版年度:2012
卷号:3
期号:1
页码:411-415
出版社:Technopark Publications
摘要:Traditional intrusion detection systems (IDSs) focus on low-level attacks or anomalies, and raise alerts independently, though there may be logical connections between them. In situations where there are intensive attacks, not only will actual alerts be mixed with false alerts, but the amount of alerts will also become unmanageable. As a result, it is difficult for human users or intrusion response systems to understand the alerts and take appropriate actions. There are several approaches for intrusion detection but none of them is fully satisfactory. They generally generate too many false positives and the alerts are too elementary and not enough accurate to be directly managed by a security administrator. This paper describes an aggregation and correlation algorithm used in the design and implementation of intrusion detection.
