A Survey on IDS Alerts Processing Techniques

Safaa Obais Mahdi Al-Mamory, 6/13/2011 5:55:41 AM
SAFAA O. AL-MAMORY, HONG LI ZHANG

School of Computer Science, Harbin Institute of Technology, Harbin 150001, China

Safaa_vb@yahoo.com, zhl@pact518.hit.edu.cn


 
Abstract

When an attacker tries to penetrate a network, many defensive systems stand in the way, including intrusion detection systems (IDSs). Most IDSs are capable of detecting many attacks, but they cannot give the analyst a clear picture because of the huge number of false alerts they generate. This weakness of the IDS has led to the emergence of many methods for dealing with these alerts: reducing their number and highlighting the real attacks. The field has reached a stage where it is worth taking stock of the research results in a comprehensive view, so that further research in this area is motivated objectively to fill the gaps that still exist.
 
 
Key-Words: network security, intrusion detection, alert correlation, alert reduction, attacks, scenarios.
 
 
Introduction


After about twenty years of IDS development, the research results obtained have led the scientific community to conclude that further research is needed to fine-tune these systems. Large organizations and companies are already deploying different models of IDS from different vendors. These IDSs produce an unmanageable amount of alerts: inspecting thousands of alerts per day [1] is unfeasible, especially if 99% of them are false positives [2]. Because of this, research on IDSs during the last few years has focused on how to handle alerts. The main objectives of this work are to reduce the number of false alerts, to study the causes of these false positives, to recognize high-level attack scenarios, and finally to provide a coherent response to attacks by understanding the relationships between different alerts. To achieve good recognition of attacks, data needs to be collected from various sources such as host IDSs, network IDSs, routers, anti-virus software and others, as shown in Fig. 1. As Fig. 1 shows, many sources generate alerts, and IDMEF [3] is the language that standardizes (normalizes) these alerts into a unified format. Then alert pre-processing techniques are applied to mitigate the influence of false alerts. After that, the resulting alerts are correlated to build attack scenarios and to generate reports for the analyst so that attacks can be stopped before completion (where possible).
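The three stages described above (normalize alerts from heterogeneous sensors into one format, pre-process them to shrink the volume, then correlate the survivors into multi-step attack scenarios) can be made concrete with a small pipeline. The following Python is an added example written for this page; it is not code from the paper or from any IDS project. The sensor inputs are constructed: a Snort-style "fast" alert line format reduced to the fields used here, and host-IDS events as JSON-like dicts. The `Alert` record is a simplified subset of the fields an IDMEF message carries, not real IDMEF, and the fusion window, the linkage rule and the 10-minute gap are illustrative parameters.

```python
"""Toy IDS alert-processing pipeline: normalize -> reduce -> correlate."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample sensor output (not captured from real systems).
NIDS_LINES = [
    "06/13-05:55:41.000000 [**] [1:1000001:1] PORTSCAN [**] {TCP} 10.0.0.5:41234 -> 10.0.0.10:22",
    "06/13-05:55:42.000000 [**] [1:1000001:1] PORTSCAN [**] {TCP} 10.0.0.5:41235 -> 10.0.0.10:80",
    "06/13-05:55:43.000000 [**] [1:1000001:1] PORTSCAN [**] {TCP} 10.0.0.5:41236 -> 10.0.0.10:443",
    "06/13-05:56:10.000000 [**] [1:1000002:1] SSH BRUTE FORCE [**] {TCP} 10.0.0.5:50000 -> 10.0.0.10:22",
    "06/13-05:58:00.000000 [**] [1:1000001:1] PORTSCAN [**] {TCP} 192.168.1.7:33000 -> 10.0.0.30:22",
]
HIDS_EVENTS = [
    {"ts": "2011-06-13T05:57:30", "host": "10.0.0.10", "rule": "new user added", "actor": "10.0.0.5"},
    {"ts": "2011-06-13T05:59:00", "host": "10.0.0.20", "rule": "outbound connection", "actor": "10.0.0.10"},
]


@dataclass
class Alert:
    """Unified alert record: a hypothetical, simplified subset of IDMEF fields."""
    time: datetime
    source: str
    target: str
    classification: str
    analyzer: str
    count: int = 1  # how many raw alerts were fused into this record


# Simplified Snort fast-log shape (constructed for this example; year is not in the line).
NIDS_RE = re.compile(
    r"(?P<mon>\d\d)/(?P<day>\d\d)-(?P<time>\d\d:\d\d:\d\d)\.\d+ \[\*\*\] \[[\d:]+\] "
    r"(?P<msg>.+?) \[\*\*\] \{\w+\} (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):\d+"
)


def normalize_nids(line: str, year: int = 2011) -> Alert:
    """Stage 1: parse a network IDS line into the unified record."""
    m = NIDS_RE.match(line)
    if not m:
        raise ValueError(f"unparsed NIDS line: {line!r}")
    ts = datetime.strptime(f"{year}/{m['mon']}/{m['day']} {m['time']}", "%Y/%m/%d %H:%M:%S")
    return Alert(ts, m["src"], m["dst"], m["msg"], "nids")


def normalize_hids(ev: dict) -> Alert:
    """Stage 1: map a host IDS event into the same unified record."""
    return Alert(datetime.fromisoformat(ev["ts"]), ev["actor"], ev["host"], ev["rule"], "hids")


def reduce_alerts(alerts, window=timedelta(seconds=60)):
    """Stage 2: fuse repeats with the same source/target/classification inside a time window."""
    fused, last = [], {}  # last: key -> index of the open group in `fused`
    for a in sorted(alerts, key=lambda x: x.time):
        key = (a.source, a.target, a.classification)
        i = last.get(key)
        if i is not None and a.time - fused[i].time <= window:
            fused[i].count += 1
        else:
            fused.append(Alert(a.time, a.source, a.target, a.classification, a.analyzer))
            last[key] = len(fused) - 1
    return fused


def correlate(alerts, max_gap=timedelta(minutes=10)):
    """Stage 3: chain alerts into scenarios. An alert extends a scenario when it has the
    same source/target pair as the last step, or its source is the last step's target
    (the attacker moved on from a host it already reached), within max_gap."""
    scenarios = []
    for a in sorted(alerts, key=lambda x: x.time):
        for s in scenarios:
            prev = s[-1]
            linked = (a.source == prev.source and a.target == prev.target) or a.source == prev.target
            if linked and timedelta(0) <= a.time - prev.time <= max_gap:
                s.append(a)
                break
        else:
            scenarios.append([a])
    return scenarios


def run_pipeline():
    """Return (raw alert count, fused alerts, scenarios) for the constructed inputs."""
    raw = [normalize_nids(l) for l in NIDS_LINES] + [normalize_hids(e) for e in HIDS_EVENTS]
    fused = reduce_alerts(raw)
    return len(raw), fused, correlate(fused)


if __name__ == "__main__":
    n_raw, fused, scenarios = run_pipeline()
    print(f"{n_raw} raw alerts -> {len(fused)} fused -> {len(scenarios)} scenarios")
    for i, s in enumerate(scenarios, 1):
        print(f"scenario {i}: " + " -> ".join(f"{a.classification}(x{a.count})" for a in s))
```

On the constructed input, seven raw alerts fuse into five records (the three scan alerts collapse into one with `count == 3`), and correlation yields two scenarios: a four-step chain (scan, brute force, new user on the target, then an outbound connection from that target to a third host) and a lone scan from an unrelated address. The lone scan is what an analyst would triage last; the chain is what the survey's correlation techniques aim to surface.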


 