10 similar documents found.
1.
Tu Hoang Nguyen Jiawei Luo Humphrey Waita Njogu 《International Journal of Network Management》2014,24(3):153-180
Intrusion detection systems (IDSs) often trigger a huge number of unnecessary alerts. Managing the overwhelming number of alerts, especially from multiple IDS products, is a concern for every security analyst. Analyzing and evaluating these alerts is a difficult task that frustrates the efforts of analysts; in fact, true alerts are usually buried under heaps of false alerts. We have identified several research gaps in the existing alert management approaches that need to be addressed, especially when handling alerts from different IDS products. In this work, we present an efficient alert management approach that reduces the unnecessary alerts produced by different IDS products using two main modules: an enhanced alert verification module that validates alerts against vulnerability assessment data, and an enhanced alert aggregator module that reduces redundant alerts and presents them in the form of meta alerts. Finally, we have carried out experiments in our test bed and recorded impressive results in terms of high accuracy and low false positive rate for multiple IDS products. Copyright © 2014 John Wiley & Sons, Ltd.
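The two modules described in the abstract above, verification against vulnerability assessment data and aggregation of redundant alerts into meta alerts, are easy to misread as one step, so here is an added worked example in Python. It is not the paper's code: the asset snapshot, the product labels, the placeholder vulnerability references (VULN-A, VULN-B) and the sample alerts are all constructed for illustration, and the 300-second aggregation window is an assumption. The point it makes is the ordering: verification drops alerts the assessment data contradicts (closed port, issue not present) before aggregation collapses what remains, and alerts against hosts that were never assessed are kept rather than dropped.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Alert:
    """One raw alert, normalised from an IDS product's output."""
    ids: str                        # product that raised it (label only)
    ts: float                       # epoch seconds
    src: str
    dst: str
    dport: int
    sig: str                        # signature name
    vuln_ref: Optional[str] = None  # issue the signature targets, if known


@dataclass
class MetaAlert:
    """Aggregate of redundant alerts sharing src/dst/port/signature in a time window."""
    src: str
    dst: str
    dport: int
    sig: str
    first_seen: float
    last_seen: float
    count: int = 0
    products: set = field(default_factory=set)


# Constructed vulnerability-assessment snapshot: hypothetical hosts, open ports
# and placeholder vulnerability references (not real identifiers).
VA_DATA = {
    "10.0.0.5": {"ports": {22, 80}, "vulns": {"VULN-A"}},
    "10.0.0.7": {"ports": {445}, "vulns": set()},
}


def verify(alert: Alert, va=VA_DATA):
    """Alert verification. Returns (verdict, reason).

    'false'   -> contradicted by assessment data, safe to drop
    'true'    -> target is exposed and carries the referenced issue
    'unknown' -> target was never assessed; keep, but do not promote
    """
    host = va.get(alert.dst)
    if host is None:
        return "unknown", "target not in assessment data"
    if alert.dport not in host["ports"]:
        return "false", "port closed on target"
    if alert.vuln_ref is not None and alert.vuln_ref not in host["vulns"]:
        return "false", "target does not carry the referenced issue"
    return "true", "target exposed and vulnerable"


def aggregate(alerts, window=300.0):
    """Merge alerts with the same (src, dst, dport, sig) that arrive within
    `window` seconds of the previous one into a single MetaAlert."""
    metas, open_ = [], {}
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.src, a.dst, a.dport, a.sig)
        m = open_.get(key)
        if m is None or a.ts - m.last_seen > window:
            m = MetaAlert(a.src, a.dst, a.dport, a.sig, a.ts, a.ts)
            open_[key] = m
            metas.append(m)
        m.count += 1
        m.last_seen = a.ts
        m.products.add(a.ids)
    return metas


def process(alerts, window=300.0):
    """Verification first (drop 'false'), then aggregation of what remains."""
    kept = [a for a in alerts if verify(a)[0] != "false"]
    return aggregate(kept, window)


# Constructed sample alerts from two products watching the same segment.
SAMPLE_ALERTS = [
    Alert("snort",      0.0, "203.0.113.9", "10.0.0.5",  80, "web-exploit", "VULN-A"),
    Alert("suricata",   2.0, "203.0.113.9", "10.0.0.5",  80, "web-exploit", "VULN-A"),
    Alert("snort",      5.0, "203.0.113.9", "10.0.0.5",  80, "web-exploit", "VULN-A"),
    Alert("snort",     10.0, "203.0.113.9", "10.0.0.7",  80, "web-exploit", "VULN-A"),  # port closed
    Alert("snort",     12.0, "203.0.113.9", "10.0.0.5",  22, "ssh-bruteforce"),
    Alert("snort",     20.0, "203.0.113.9", "10.0.0.9", 445, "smb-probe",   "VULN-B"),  # host unassessed
    Alert("suricata", 400.0, "203.0.113.9", "10.0.0.5",  80, "web-exploit", "VULN-A"),  # outside window
]


if __name__ == "__main__":
    metas = process(SAMPLE_ALERTS)
    print(f"{len(SAMPLE_ALERTS)} raw alerts -> {len(metas)} meta alerts")
    for m in metas:
        print(m.sig, m.dst, m.dport, f"x{m.count}", sorted(m.products))
```

Running it turns seven raw alerts into four meta alerts: the three web-exploit alerts from both products merge into one meta alert that records both sources, the alert against the host with the port closed is dropped, the alert against the unassessed host survives as "unknown", and the late web-exploit alert opens a fresh meta alert because it falls outside the window.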
2.
To filter false alerts out of intrusion detection system alert data, 19 attributes that distinguish true alerts from false alerts are derived from the root cause and timing of alerts, and a false-alert filtering method based on rough set theory and support vector machines (SVMs) is proposed. The method first applies rough set theory to remove redundant attributes, then recasts the false-alert filtering problem on the alert dataset with the 10 remaining attributes as a classification problem, and builds an SVM classifier to filter the false alerts. The experiments use alert data generated by the network intrusion detector Snort monitoring the 1999 DARPA intrusion detection evaluation data (DARPA99); the results show that the proposed method filters out about 98% of false alerts at the cost of an increase of about 1.6% in missed alerts. This result is better than those of other methods in the literature that use the same data and the same intrusion detection system.
3.
4.
5.
Research on a credibility-based alert correlation method for multi-IDS environments (cited by 1: 0 self-citations, 1 other)
Existing alert correlation methods do not take into account the credibility of each IDS's reports when correlating alerts from multiple IDSs. To address this, a method based on evidence theory is proposed that correlates alerts from multiple IDSs according to their credibility. The method treats each IDS's report (or non-report) of an alert as evidence for inferring whether a network attack has occurred, fuses these pieces of evidence with Dempster's rule of combination, and finally decides whether the attack corresponding to the alert has actually occurred, thereby resolving the vagueness and conflict among the alerts reported by the different IDSs and improving alert quality. Experimental results on the DARPA 2000 test dataset show that the method effectively lowers the false-positive rate and reduces the number of alerts by more than 60%.
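The abstract above names Dempster's rule of combination but does not show how per-IDS credibility becomes a decision, so here is an added worked example in Python; it is not the paper's implementation. The frame of discernment is {attack, benign}. Each IDS contributes a mass function: an IDS that raised the alert puts mass equal to its credibility on {attack}, a silent IDS puts it on {benign}, and the remainder goes to the whole frame as ignorance. How credibility is derived (here simply a number in [0, 1] handed in per product) and the 0.5 decision threshold are assumptions of this example, not values from the paper. The example also handles the failure mode the rule is known for: total conflict, where the normaliser 1 - K is zero and the evidence cannot be combined.

```python
from itertools import product

# Frame of discernment: the attack behind the alert either happened or did not.
THETA = frozenset({"attack", "benign"})
ATTACK = frozenset({"attack"})
BENIGN = frozenset({"benign"})


def ids_evidence(reported: bool, trust: float):
    """Mass function contributed by one IDS.

    `trust` is the credibility assigned to that product's reports (an assumed
    per-product number in [0, 1]; the paper's exact weighting is not reproduced).
    Mass the source does not commit goes to THETA, i.e. ignorance.
    """
    if not 0.0 <= trust <= 1.0:
        raise ValueError("trust must be in [0, 1]")
    focal = ATTACK if reported else BENIGN
    return {focal: trust, THETA: 1.0 - trust}


def combine(m1, m2):
    """Dempster's rule: m(X) = sum over B & C == X of m1(B) m2(C), divided by 1 - K,
    where K is the total mass assigned to disjoint pairs (the conflict)."""
    joint, conflict = {}, 0.0
    for (b, mb), (c, mc) in product(m1.items(), m2.items()):
        w = mb * mc
        x = b & c
        if not x:
            conflict += w
        else:
            joint[x] = joint.get(x, 0.0) + w
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict: the sources cannot be combined")
    return {x: w / (1.0 - conflict) for x, w in joint.items()}


def fuse(reports):
    """reports: iterable of (reported, trust), one entry per IDS watching the flow.
    Returns the combined mass function over subsets of THETA."""
    m = {THETA: 1.0}  # vacuous belief before any evidence is seen
    for reported, trust in reports:
        m = combine(m, ids_evidence(reported, trust))
    return m


def attack_occurred(m, threshold=0.5):
    """Decision rule (assumed): promote the alert when belief in 'attack' both
    clears the threshold and exceeds belief in 'benign'."""
    bel_attack = m.get(ATTACK, 0.0)
    return bel_attack > threshold and bel_attack > m.get(BENIGN, 0.0)


if __name__ == "__main__":
    # Constructed scenarios: (alert raised?, credibility of that product).
    two_alert_one_silent = [(True, 0.9), (True, 0.6), (False, 0.7)]
    one_weak_alert = [(True, 0.5), (False, 0.8), (False, 0.8)]
    for name, reports in [("two alerting", two_alert_one_silent),
                          ("one weak alert", one_weak_alert)]:
        m = fuse(reports)
        print(name, {"".join(sorted(k)): round(v, 3) for k, v in m.items()},
              "-> attack" if attack_occurred(m) else "-> suppress")
```

In the first scenario two products alert and a third, moderately credible one stays silent; the combined mass on {attack} comes out at 0.288 / 0.328, about 0.878, and the alert is promoted. In the second, a single low-credibility alert is outweighed by two silent, more credible products and the alert is suppressed. A practitioner should also note the usual caveat: the rule assumes the sources are independent, and products sharing a rule set (or a single sensor feeding several engines) will inflate belief in whatever they agree on.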
6.
Intrusion detection plays a key role in detecting attacks over networks, and with the increasing usage of Internet services, several security threats arise. Though an intrusion detection system (IDS) detects attacks efficiently, it also generates a large number of false alerts, which makes it difficult for a system administrator to identify attacks. This paper proposes automatic fuzzy rule generation combined with a Wiener filter to identify attacks. Further, to optimize the results, simplified swarm optimization is used. After training on a large dataset, various fuzzy rules are generated automatically for testing, and a Wiener filter is used to filter out attacks that act as noisy data, which improves the accuracy of the detection. By combining automatic fuzzy rule generation with a Wiener filter, an IDS can handle intrusion detection more efficiently. Experimental results, which are based on collected live network data, are discussed and show that the proposed method provides a competitively high detection rate and a reduced false alarm rate in comparison with other existing machine learning techniques.
7.
Kafeza E. Chiu D.K.W. Cheung S.C. Kafeza M. 《IEEE transactions on information technology in biomedicine》2004,8(2):173-181
Recent advances in mobile technologies have greatly extended traditional communication technologies to mobile devices. At the same time, healthcare environments are by nature "mobile": doctors and nurses do not have fixed workspaces. Irregular and exceptional events are generated in daily hospital routines, such as operation rescheduling, laboratory/examination results, and adverse drug events. These events may create requests that should be delivered to the appropriate person at the appropriate time. Those requests that are classified as urgent are referred to as alerts. Efficient routing and monitoring of alerts are key to quality and cost-effective healthcare services. Presently, these are generally handled in an ad hoc manner. In this paper, we propose the use of a healthcare alert management system to handle these alert messages systematically. We develop a model for specifying alerts that are associated with medical tasks and a set of parameters for their routing. We design an alert monitor that matches medical staff and their mobile devices to receive alerts, based on the requirements of these alerts. We also propose a mechanism to handle and, if necessary, reroute an alert message when it has not been acknowledged within a specific deadline.
8.
As network security problems become increasingly prominent, IDSs are used more and more for security protection, yet the thousands of alerts produced every day leave security administrators overwhelmed. Automatically correlating logically related alerts to reduce the alert volume has therefore become key to the future development of IDSs. This paper takes description logic as its foundation and uses it to define attacks uniformly; takes attack scenarios as the carrier and uses them to analyse and match successively arriving alerts; and takes capability sets as the link and uses them to chain individual attack scenarios together. In this way the logical relationships hidden between different alerts are clearly exposed, providing a basis for correlation and merging.
9.
Network attacks are growing more complex, and intrusion detection systems produce large volumes of alert logs with high false-positive rates and low usability. This paper therefore proposes correlating IDS alerts with a combination of cluster analysis, association-rule mining and a coloured Petri net-based joint mining method for multi-step attacks, reconstructing attack scenarios from both macro-level and micro-level attack trajectories and thereby improving the usability of the intrusion detection system.
10.
Maryam Samadi Bonab Ali Ghaffari Farhad Soleimanian Gharehchopogh Payam Alemi 《International Journal of Communication Systems》2020,33(12)
With the expansion of Internet and computer network use, the privacy, integrity and availability of digital resources face permanent risks. Because of the unpredictable behavior of the network, the nonlinear nature of intrusion attempts, and the vast number of features in the problem environment, building an intrusion detection system (IDS) is regarded as the central problem in computer network security. A feature selection technique helps to reduce complexity, in terms of both execution load and storage, by selecting the optimal subset of features. The purpose of this study is to identify the important and key features for building an IDS. To improve the performance of the IDS, this paper proposes an IDS whose features are selected with a new hybrid method based on the fruit fly algorithm (FFA) and the ant lion optimizer (ALO). Simulation results on the KDD Cup99, NSL-KDD and UNSW-NB15 datasets show that FFA-ALO performs acceptably, and better than previous approaches, on evaluation criteria such as accuracy and sensitivity.