Intrusion alert normalization method using AWK scripts and attack name database
Authors: Dongyoung Kim, Hyochan Bang, Jungchan Na
Venue: The 7th International Conference on Advanced Communication Technology, 2005 (ICACT 2005)
Publication date: 2005-07-11
DOI: 10.1109/ICACT.2005.245944 (https://doi.org/10.1109/ICACT.2005.245944)
Citation count (Semantic Scholar): 4
Abstract: Intrusion alerts today come in several classes with differing formats and semantics, and they are transferred over a variety of protocols, including IDXP, SNMP trap and the syslog protocol. This variety of alert formats makes it difficult to use the alerts together. Intrusion alert normalization converts alerts of different kinds into data with the same structure and the same semantics. This normalization process is needed to unify alerts from a variety of security devices. This paper describes how to normalize alerts from several IDSs and other security devices.