Managing alerts in a multi-intrusion detection environment (Paper)

2005 · Cited by 251

Details

Publication date
2005-08-24
Publication year
2005

Keywords

Network Security and Intrusion Detection; Anomaly Detection Techniques and Applications; Time Series Analysis and Forecasting

Abstract

There are several approaches to intrusion detection, but none of them is fully satisfactory. They generally generate too many false positives, and the alerts are too elementary and not accurate enough to be managed directly by a security administrator. A promising approach is to develop a cooperation module that analyzes alerts and generates more global and synthetic alerts. This paper presents the work we did in this context within the MIRADOR project. We suggest specifications for three functions: alert base management, alert clustering and alert merging. The approach is compliant with the IDMEF format currently being defined at the IETF.
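The three functions named in the abstract form a pipeline: elementary alerts from several sensors are stored in an alert base, grouped into clusters of alerts that describe the same event, and each cluster is merged into one global alert. The following Python block is an added illustration of that pipeline and is not code from the paper or the MIRADOR project. It parses a handful of constructed IDMEF-shaped XML messages (the IDMEF draft the abstract refers to was later published as RFC 4765 in 2007, and the namespace, element names and attribute names used here follow that format) and clusters them under a deliberately simple similarity rule of my own: same classification text, same source and target address, and arrival within a fixed time window of the cluster's latest alert. The paper's actual clustering and merging specifications are not reproduced; the sensor identifiers, IP addresses and timestamps are made up.

```python
"""Cluster and merge IDMEF-style alerts from several sensors into global alerts.
Added example, not MIRADOR code: the similarity rule (same classification, source and
target; arrival within `window` of the cluster's latest alert) is an assumption."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from datetime import datetime, timedelta

NS = {"idmef": "http://iana.org/idmef"}  # IDMEF XML namespace (RFC 4765)
DEFAULT_WINDOW = timedelta(seconds=60)   # assumed clustering window

# Constructed sample messages in IDMEF shape (documentation IP ranges, made-up analyzer ids).
_TEMPLATE = """<IDMEF-Message version="1.0" xmlns="http://iana.org/idmef">
  <Alert messageid="{mid}"><Analyzer analyzerid="{analyzer}"/><CreateTime>{time}</CreateTime>
    <Source><Node><Address category="ipv4-addr"><address>{src}</address></Address></Node></Source>
    <Target><Node><Address category="ipv4-addr"><address>{dst}</address></Address></Node></Target>
    <Classification text="{cls}"/></Alert></IDMEF-Message>"""
SAMPLE_MESSAGES = [_TEMPLATE.format(mid=m, analyzer=a, time=t, src=s, dst=d, cls=c) for m, a, t, s, d, c in [
    ("m1", "snort-dmz", "2005-08-24T10:01:25+02:00", "192.0.2.50", "198.51.100.7", "Port scan"),
    ("m2", "prelude-lan", "2005-08-24T10:01:40+02:00", "192.0.2.50", "198.51.100.7", "Port scan"),
    ("m3", "snort-dmz", "2005-08-24T10:02:10+02:00", "192.0.2.50", "198.51.100.7", "Port scan"),
    ("m4", "snort-dmz", "2005-08-24T10:05:00+02:00", "203.0.113.9", "198.51.100.7", "Teardrop detected"),
    ("m5", "prelude-lan", "2005-08-24T10:11:30+02:00", "192.0.2.50", "198.51.100.7", "Port scan"),
]]


@dataclass(frozen=True)
class Alert:
    """Elementary alert as stored in the alert base."""
    messageid: str
    analyzerid: str
    create_time: datetime
    source: str
    target: str
    classification: str

    def key(self) -> tuple:
        # Attributes two alerts must share to be clustered together (assumed rule).
        return (self.classification, self.source, self.target)


@dataclass
class GlobalAlert:
    """Synthetic alert summarising one cluster of elementary alerts."""
    classification: str
    source: str
    target: str
    first_seen: datetime
    last_seen: datetime
    analyzers: list   # distinct sensors that reported the event
    messageids: list  # elementary alerts folded into this one
    count: int        # number of elementary alerts merged


def parse_idmef(xml_text: str) -> Alert:
    """Extract the fields the correlator needs from one IDMEF-Message."""
    alert = ET.fromstring(xml_text).find("idmef:Alert", NS)
    if alert is None:
        raise ValueError("not an IDMEF Alert message")

    def text_at(path: str) -> str:
        node = alert.find(path, NS)
        return node.text.strip() if node is not None and node.text else "unknown"

    def attr_of(tag: str, name: str) -> str:
        node = alert.find(f"idmef:{tag}", NS)
        return node.get(name, "unknown") if node is not None else "unknown"

    return Alert(
        messageid=alert.get("messageid", ""),
        analyzerid=attr_of("Analyzer", "analyzerid"),
        create_time=datetime.fromisoformat(text_at("idmef:CreateTime")),
        source=text_at("idmef:Source/idmef:Node/idmef:Address/idmef:address"),
        target=text_at("idmef:Target/idmef:Node/idmef:Address/idmef:address"),
        classification=attr_of("Classification", "text"),
    )


def cluster_alerts(alerts: list, window: timedelta) -> list:
    """Greedy time-windowed clustering over the alert base, processed in time order."""
    clusters = []
    for alert in sorted(alerts, key=lambda a: a.create_time):
        for cluster in reversed(clusters):  # newest clusters first
            if cluster[0].key() == alert.key() and alert.create_time - cluster[-1].create_time <= window:
                cluster.append(alert)
                break
        else:  # no open cluster matched: this alert starts a new one
            clusters.append([alert])
    return clusters


def merge_cluster(cluster: list) -> GlobalAlert:
    """Fuse one cluster into a single global alert: time span, sensors, member ids."""
    first, last = cluster[0], cluster[-1]
    return GlobalAlert(first.classification, first.source, first.target,
                       first.create_time, last.create_time,
                       sorted({a.analyzerid for a in cluster}),
                       [a.messageid for a in cluster], len(cluster))


def correlate(messages: list, window: timedelta = DEFAULT_WINDOW) -> list:
    """Alert base -> clustering -> merging; returns global alerts in time order."""
    return [merge_cluster(c) for c in cluster_alerts([parse_idmef(m) for m in messages], window)]
```

Running `correlate(SAMPLE_MESSAGES)` reduces the five elementary alerts to three global ones: one "Port scan" reported by both sensors three times within 45 seconds, the unrelated "Teardrop detected" alert, and a second "Port scan" cluster for the late alert that falls outside the 60-second window. Widening the window (for example `DEFAULT_WINDOW * 15`) folds that late alert into the first cluster, which is the trade-off a practitioner tunes: a wide window hides the repeat and under-reports, a narrow one re-raises the same scan as a new event.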