Online and offline intrusion alert aggregation

ISSN: 2249-5789
V Srujana Reddy et al., International Journal of Computer Science & Communication Networks, Vol 2(4), 520-525

Computer Science & Engineering, SR Engineering College, Warangal, Andhra Pradesh, India
Email:

G. Dileep Kumar
Assistant Professor, CSE, SR Engineering College, Warangal, Andhra Pradesh, India
Email: dileep_gdk@

ABSTRACT

Online intrusion detection systems play an important role in protecting IT systems. Tools such as Snort and firewalls also detect intrusions. Such intrusion detection systems provide feedback in the form of alerts. However, alerts are produced in large numbers, and security personnel are often confused by such voluminous messages. This makes it difficult for them to take decisions immediately: they need time to analyze the alerts before they can conclude what actions to take. Security risk estimation and the resolution of security problems depend on a quick understanding of alerts, and the bulk of alerts produced by low-level intrusion detection systems makes it time consuming to arrive at decisions. To overcome this problem, the alerts produced by low-level detection systems can be aggregated programmatically, and summarized alerts can be given to security personnel so that they can draw conclusions quickly and take the required actions. We propose a new technique for online alert aggregation based on a dynamic, probabilistic model. The solution is based on a data stream version of the maximum likelihood approach. The empirical results revealed that the proposed solution is effective and useful.
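The volume problem the abstract describes, and the online aggregation it motivates, as an added illustration that is not the authors' code and does not implement their probabilistic maximum-likelihood model: a streaming aggregator that merges raw alerts sharing the same signature, source and destination into one meta-alert, closing it after a configurable silent period so an analyst sees one summarized record instead of a burst. The alert records, signature names and addresses are constructed for the example.

```python
# Added illustration, not the paper's method: alerts are merged by exact
# attribute match within a time gap, not by a probabilistic / ML model.
class OnlineAggregator:
    """Consumes alerts one at a time; only open meta-alerts stay in memory."""

    def __init__(self, max_gap=60.0):
        self.max_gap = max_gap  # seconds of silence that closes a meta-alert
        self.open = {}          # (signature, src, dst) -> meta-alert dict
        self.closed = []        # finished meta-alerts for the analyst

    def feed(self, ts, signature, src, dst, dport):
        self._expire(ts)
        key = (signature, src, dst)
        meta = self.open.get(key)
        if meta is None:
            self.open[key] = {"signature": signature, "src": src, "dst": dst,
                              "first_seen": ts, "last_seen": ts,
                              "count": 1, "ports": {dport}}
        else:
            meta["count"] += 1
            meta["last_seen"] = ts
            meta["ports"].add(dport)

    def _expire(self, now):
        # Close meta-alerts that have been silent for longer than max_gap.
        stale = [k for k, m in self.open.items() if now - m["last_seen"] > self.max_gap]
        for key in stale:
            self.closed.append(self.open.pop(key))

    def flush(self):
        # End of stream: close everything, return meta-alerts in closing order.
        self.closed.extend(self.open.values())
        self.open.clear()
        return self.closed

# Constructed sample stream: (timestamp, signature, src, dst, dport)
SAMPLE_ALERTS = [
    (0.0, "SCAN nmap TCP", "10.0.0.5", "192.168.1.10", 22),
    (1.5, "SCAN nmap TCP", "10.0.0.5", "192.168.1.10", 80),
    (2.0, "SCAN nmap TCP", "10.0.0.5", "192.168.1.10", 443),
    (3.2, "SCAN nmap TCP", "10.0.0.5", "192.168.1.10", 3389),
    (45.0, "WEB-MISC robots.txt access", "10.0.0.9", "192.168.1.20", 80),
    (300.0, "SCAN nmap TCP", "10.0.0.5", "192.168.1.10", 21),  # new burst after the gap
]

def aggregate(alerts, max_gap=60.0):
    # Six raw alerts collapse to three meta-alerts with the sample above.
    agg = OnlineAggregator(max_gap)
    for ts, sig, src, dst, dport in alerts:
        agg.feed(ts, sig, src, dst, dport)
    return agg.flush()
```

The first four scan alerts become a single meta-alert carrying the full port list and time span; the scan that resumes after the 60-second gap opens a new meta-alert rather than silently extending the old one.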
Index Terms – Online intrusion detection, data streaming, probabilistic model, alert aggregation.

Information security is important in IT systems. With the emergence of innovative technologies in computing and ICT, and the involvement of networks such as the Internet, security threats are increasing in a rapid
