Alert Verification Based on Attack Classification in Collaborative Intrusion Detection
Authors: Min Xiao, Debao Xiao
DOI: 10.1109/SNPD.2007.216 (https://doi.org/10.1109/SNPD.2007.216)
Published in: Eighth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing (SNPD 2007)
Publication date: 2007-07-30
Citation count: 29
Record source: Semanticscholar
Traditional intrusion detection systems suffer from alert flooding and high false-positive rates because of weak collaboration awareness. Collaborative intrusion detection mechanisms are advocated to overcome these shortcomings of traditional IDS, and alert verification and alert correlation are two important techniques for implementing such mechanisms. The goal of alert verification is to distinguish false positives from true positives, or to confirm the confidence of an alert, by integrating context information about the protected network with the alerts. In this paper, we present an alert verification scheme based on attack classification that aims at low cost and high efficiency in the verification process.