Source information
Abstract
English
The lack of an effective alert management technique for verifying, identifying and prioritizing alerts is a well-known problem that severely degrades the value of Intrusion Detection Systems (IDSs). IDSs often appear problematic because they trigger a huge number of uninteresting alerts, which diminish the value and urgency of the interesting ones. An average commercial IDS reports tens of thousands of alerts per day. Analysts rarely look at such voluminous alerts until a sign is reported by other security means, because identifying interesting alerts is a laborious and challenging task. Alerts evaluated in this manner are often unverified, mis-prioritized, misinterpreted, ignored, misclassified, delayed, or given undue attention. So far, none of the current alert management techniques appear to be effective. In this paper, we present our approach to verifying, identifying and prioritizing alerts based on post-processing of alerts. Central to our approach is the computation of new alert metrics in order to further describe and understand the interestingness of alerts. We combine Alert Verification and Alert Prioritization techniques to build an effective alert management technique. Our approach gives superior results when compared to other alert management techniques.
Table of Contents
1. Introduction
2. Basic Concepts of Alert Management
2.1. Alert Structure
2.2. Nature of Raw Alerts
2.3. Overview of Alert Management Approach
3. Proposed Approach
3.1. Alert Collection
3.2. Alert Verification
3.3. Alert Classification Tree
3.4. Alert Classifier
3.5. Super Classification
3.6. Alerts Prioritization
4. Experiment
4.1. Overview of experiment setup
4.2. Processing Alert
5. Conclusion
Acknowledgement
References