کد مقاله کد نشریه سال انتشار مقاله انگلیسی نسخه تمام متن
455999 695619 2013 21 صفحه PDF دانلود رایگان
عنوان انگلیسی مقاله ISI
Enhancing IDS performance through comprehensive alert post-processing
موضوعات مرتبط
مهندسی و علوم پایه مهندسی کامپیوتر شبکه های کامپیوتری و ارتباطات
پیش نمایش صفحه اول مقاله
Enhancing IDS performance through comprehensive alert post-processing
چکیده انگلیسی

Intrusion detection systems (IDS) are among the most common countermeasures against network attacks. In order to improve the alerts obtained from them, various methods of post-processing have been proposed. These methods usually try to alleviate specific drawbacks of intrusion detection. We propose a system that is a post-processing solution. The input of our system is a set of multiple IDS sensors alert sets. Each set's alerts are aggregated in order to improve their quality, before multiple alert sets merge into one general alert set. Then, a low clustering procedure allows the system to hypothesize about missed security events and to create relevant alerts. The main clustering phase comes next, before the final step, in which a clusters graph is generated to produce a high level presentation of the security events. The system has been tested using the DARPA 2000 dataset, as well as a live network dataset, and has produced satisfactory results.

ناشر
Database: Elsevier - ScienceDirect (ساینس دایرکت)
Journal: Computers & Security - Volume 37, September 2013, Pages 176–196
نویسندگان
, ,