Alert Reduction for Network Intrusion Detection

Despite years of research and development efforts, intrusion detection is still facing significant challenges. A particularly intriguing problem is that existing network intrusion detection systems report an excessive number of alerts, of which few are "interesting" from the point of view of security officers. Moreover, these alerts do not provide adequate details about the intrusions that can assist security officers in efficiently assessing the security risks. In this dissertation, we propose methods to reduce the number of alerts and improve their quality. In our approach, we first identify and extract additional information from the intrusion alerts, such as the result of an attack. Using this information, we are able to quickly filter out a majority of alerts that are generally not helpful in intrusion analysis. We also create a systematic approach to consistently and unambiguously model the extracted information, in particular the relations between different alerts. We demonstrate the scalability of this model by applying it to almost one thousand different network intrusion detection signatures. Using the model, we successfully construct high-level descriptions of multi-stage intrusion strategies from low-level alerts, as well as compute the possible variations of multi-stage intrusions from a single intrusion instance. This not only reduces the total number of alerts, but also improves the alert quality. We conducted experiments with several real-world intrusion detection datasets, and the results showed the effectiveness of our approach.

destination, i.e., (src, dst, account, exec, ALL(program, /), code). C1 can be inferred from C2 if C1 has the same credential as C2. Definition 4.4.5 (External Inference) Let C1 and C2 be two capabilities. C1's source is the same as C2's destination ...

Title: Alert Reduction for Network Intrusion Detection
Publisher: ProQuest - 2008