增强安全运营中心对异构入侵检测系统的互操作性

Proceedings 39th Annual 2005 International Carnahan Conference on Security Technology Pub Date : 1900-01-01 DOI:10.1109/CCST.2005.1594841

A. C. Lin, Hsing-Kuo Wong, Tzong-Chen Wu

{"title":"增强安全运营中心对异构入侵检测系统的互操作性","authors":"A. C. Lin, Hsing-Kuo Wong, Tzong-Chen Wu","doi":"10.1109/CCST.2005.1594841","DOIUrl":null,"url":null,"abstract":"This study aimed at enhancing the interoperability of a SOC (security operation center) to heterogeneous IDSes (intrusion detection systems) by designing a few EDMEF (intrusion detection message exchange format) templates. The adopted approach based on the specification of IDMEF and the need of incident detection. The resulted templates have two types that are for use of most usual alerts and aggregation of similar alerts respectively. The objectives of these templates are to simplify the usage of IDMEF and to improve the disadvantages originating from un-customized IDMEF. The results support the objectives of this study.","PeriodicalId":411051,"journal":{"name":"Proceedings 39th Annual 2005 International Carnahan Conference on Security Technology","volume":"43 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Enhancing interoperability of security operation center to heterogeneous intrusion detection systems\",\"authors\":\"A. C. Lin, Hsing-Kuo Wong, Tzong-Chen Wu\",\"doi\":\"10.1109/CCST.2005.1594841\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This study aimed at enhancing the interoperability of a SOC (security operation center) to heterogeneous IDSes (intrusion detection systems) by designing a few EDMEF (intrusion detection message exchange format) templates. The adopted approach based on the specification of IDMEF and the need of incident detection. The resulted templates have two types that are for use of most usual alerts and aggregation of similar alerts respectively. The objectives of these templates are to simplify the usage of IDMEF and to improve the disadvantages originating from un-customized IDMEF. The results support the objectives of this study.\",\"PeriodicalId\":411051,\"journal\":{\"name\":\"Proceedings 39th Annual 2005 International Carnahan Conference on Security Technology\",\"volume\":\"43 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1900-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings 39th Annual 2005 International Carnahan Conference on Security Technology\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CCST.2005.1594841\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings 39th Annual 2005 International Carnahan Conference on Security Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCST.2005.1594841","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

本研究通过设计一些入侵检测消息交换格式(EDMEF)模板，旨在提高安全操作中心(SOC)与异构入侵检测系统(ids)的互操作性。采用了基于IDMEF规范和事件检测需求的方法。得到的模板有两种类型，分别用于最常见的警报和类似警报的聚合。这些模板的目标是简化IDMEF的使用，并改善非自定义IDMEF带来的缺点。结果支持本研究的目的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Enhancing interoperability of security operation center to heterogeneous intrusion detection systems

This study aimed at enhancing the interoperability of a SOC (security operation center) to heterogeneous IDSes (intrusion detection systems) by designing a few EDMEF (intrusion detection message exchange format) templates. The adopted approach based on the specification of IDMEF and the need of incident detection. The resulted templates have two types that are for use of most usual alerts and aggregation of similar alerts respectively. The objectives of these templates are to simplify the usage of IDMEF and to improve the disadvantages originating from un-customized IDMEF. The results support the objectives of this study.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings 39th Annual 2005 International Carnahan Conference on Security Technology

自引率

0.00%

发文量