Collaborative Post-IDS Alert Analysis Based on Network Management Techniques

Authors: Hui Xu, Debao Xiao, Xue Xia, Zheng Wu
Venue: 2008 ISECS International Colloquium on Computing, Communication, Control, and Management
Publication date: 2008-08-03
DOI: 10.1109/CCCM.2008.237 (https://doi.org/10.1109/CCCM.2008.237)
Citation count: 2 (Semantic Scholar)
These days, IDS has been widely deployed and is beginning to gain acceptance as a worthwhile investment. However, at least three disadvantages hinder its further development: a very high alert rate, fairly high false positives, and quite limited ability to detect distributed and collaborative attacks. In order to overcome these weaknesses and resolve the conflict with current network security requirements as well, research on post-IDS alert analysis has become a focus, and more and more researchers and engineers advocate two techniques, collaboration and correlation. The aim of this paper is therefore to propose the application of XML-based integrated network management techniques to support collaboration for the purpose of post-IDS alert analysis, and to discuss the corresponding issues of unified representation of information and knowledge. Validation results show that the proposed approach is quite effective in reducing the rate of false positives.