A taxonomy on intrusion alert aggregation techniques
Authors: Taqwa Ahmed, M. M. Siraj, A. Zainal, M. Din
DOI: 10.1109/ISBAST.2014.7013129 (https://doi.org/10.1109/ISBAST.2014.7013129)
Venue: 2014 International Symposium on Biometrics and Security Technologies (ISBAST)
Publication date: 2014-08-01
Citation count: 3 (Semantic Scholar)
As security threats advance drastically, most organizations deploy various intrusion detection systems (IDSs) to optimize detection and to provide a comprehensive view of intrusion activity. But an IDS produces a huge number of duplicated alerts that overwhelm the security operator. Alert aggregation addresses this issue by reducing, fusing and clustering the alerts. Researchers have proposed techniques from a range of disciplines for different aspects of aggregation. In this paper we present a comprehensive review of the proposed alert aggregation techniques. Our main contribution is to classify the literature based on the techniques applied to aggregate the alerts.