Original Document Information
Abstract (English)
Intrusion Detection Systems (IDSs) play a crucial role in minimizing the damage caused by computer attacks. Most IDSs are capable of detecting many attacks, but they often prove problematic because they trigger a huge number of non-interesting alerts, which diminishes the value and urgency of the interesting ones. The analysts who review the alerts rarely examine this voluminous output until a sign of compromise is reported by other security means, because identifying the interesting alerts is a laborious and challenging task. This has led to the emergence of many approaches for managing the overwhelming number of alerts, but the existing approaches suffer from several limitations. This paper conducts a comprehensive study and evaluation of the key approaches that aim to manage the huge number of alerts, in order to identify research gaps that will objectively motivate researchers to come up with better approaches. At the end of the review, the paper suggests a strategy that can be exploited to improve the quality of the final alerts.
Table of Contents
1. Introduction
2. Alert Management Concepts
2.1. Structure and Nature of Alerts
3. Existing Works
3.1. Alert Classification
3.2. Alert Correlation
3.3. Knowledge Base Alert Filtering
3.4. Challenging Issues and Recommendations
4. Proposed Strategy
4.1. Alert Verification Module
4.2. Alert Classification Module
4.3. Alert Aggregator Module
4.4. Evaluation of the Proposed Solution
5. Conclusion
Acknowledgements
References
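The outline above names three modules (alert verification, alert classification, alert aggregation) but the abstract does not describe how any of them works. The following is an added example, not code from the paper, showing what a minimal pipeline in that shape commonly does: verification drops alerts whose target host does not run the attacked service, classification labels alerts as interesting or non-interesting from a noise list, and aggregation merges interesting alerts that share a (signature, source, destination) tuple within a time window into one meta-alert. The asset inventory, the noise list, the 60-second window and the alert records are all constructed for the example; none of these rules is claimed to be the paper's method.

```python
"""Illustrative verify -> classify -> aggregate alert pipeline.

Added example, not the paper's code. The stage behaviours below are assumed
for illustration; the module names only follow the paper's outline.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Alert:
    ts: int                 # seconds since some epoch (constructed values)
    sig: str                # IDS signature name
    src: str                # attacker address
    dst: str                # target address
    service: Optional[str]  # service the signature targets; None = host-independent


# Constructed asset inventory: services each monitored host actually runs.
ASSETS = {"10.0.0.5": {"http"}, "10.0.0.6": {"ssh"}}

# Constructed list of signatures known to fire on benign traffic in this environment.
KNOWN_NOISY = {"ICMP PING NMAP"}


def verify(alerts, assets=ASSETS):
    """Alert Verification (assumed rule): drop alerts for a service the target
    does not run, since such an attack cannot have succeeded. Alerts with no
    specific service (service=None) are kept."""
    return [a for a in alerts
            if a.service is None or a.service in assets.get(a.dst, set())]


def classify(alerts, noisy=KNOWN_NOISY):
    """Alert Classification (assumed rule): mark alerts on the noise list as
    non-interesting, everything else as interesting."""
    return [(a, "non-interesting" if a.sig in noisy else "interesting")
            for a in alerts]


def _meta(key, bucket):
    sig, src, dst = key
    return {"sig": sig, "src": src, "dst": dst, "count": len(bucket),
            "first": bucket[0].ts, "last": bucket[-1].ts}


def aggregate(labelled, window=60):
    """Alert Aggregation: merge interesting alerts with the same
    (sig, src, dst) whose timestamps fall within `window` seconds of the
    first alert in the group into one meta-alert with a count and time span."""
    groups = defaultdict(list)
    for a, label in labelled:
        if label == "interesting":
            groups[(a.sig, a.src, a.dst)].append(a)
    meta = []
    for key, items in groups.items():
        items.sort(key=lambda a: a.ts)
        bucket = [items[0]]
        for a in items[1:]:
            if a.ts - bucket[0].ts <= window:
                bucket.append(a)
            else:                      # gap larger than the window: new meta-alert
                meta.append(_meta(key, bucket))
                bucket = [a]
        meta.append(_meta(key, bucket))
    return meta


def run_pipeline(alerts, window=60):
    """Raw alerts in, meta-alerts out."""
    return aggregate(classify(verify(alerts)), window)


def reduction(alerts, window=60):
    """Fraction of raw alerts that remain as meta-alerts after the pipeline."""
    return len(run_pipeline(alerts, window)) / len(alerts)


# Constructed raw alert stream (12 alerts).
SAMPLE_ALERTS = [
    # burst of one web-attack signature against the real web server -> one meta-alert
    *[Alert(ts, "WEB-ATTACKS /etc/passwd access", "192.0.2.10", "10.0.0.5", "http")
      for ts in (0, 10, 20, 30, 40)],
    # same signature much later: outside the window -> separate meta-alert
    Alert(200, "WEB-ATTACKS /etc/passwd access", "192.0.2.10", "10.0.0.5", "http"),
    # scan pings: pass verification (no specific service) but classified non-interesting
    Alert(5, "ICMP PING NMAP", "192.0.2.10", "10.0.0.5", None),
    Alert(6, "ICMP PING NMAP", "192.0.2.10", "10.0.0.6", None),
    # web exploit aimed at a host with no web server -> dropped by verification
    *[Alert(ts, "WEB-ATTACKS /etc/passwd access", "192.0.2.10", "10.0.0.6", "http")
      for ts in (50, 51, 52)],
    # single SSH brute-force alert against the SSH host -> survives every stage
    Alert(60, "SSH brute force attempt", "198.51.100.7", "10.0.0.6", "ssh"),
]


if __name__ == "__main__":
    for m in run_pipeline(SAMPLE_ALERTS):
        print(m)
    print(f"{len(SAMPLE_ALERTS)} raw alerts -> {len(run_pipeline(SAMPLE_ALERTS))} meta-alerts")
```

On the constructed stream, verification removes the three impossible web-exploit alerts, classification sets the two scan pings aside, and aggregation folds the remaining nine into three meta-alerts: the web-attack burst (count 5), the later isolated web-attack alert (count 1) and the SSH alert (count 1). The aggregation key and the window are the usual tuning points: a key that also includes the destination port, or a longer window, will change how many meta-alerts an analyst sees.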