Title :
Alert prioritization in Intrusion Detection Systems
Author :
Alsubhi, Khalid ; Al-Shaer, Ehab ; Boutaba, Raouf
Author_Institution :
David R. Cheriton Sch. of Comput. Sci., Univ. of Waterloo, Waterloo, ON
Abstract :
Intrusion Detection Systems (IDSs) are designed to monitor user and/or network activity and generate alerts whenever abnormal activities are detected. The number of these alerts can be very large, making the task of security analysts difficult to manage. Furthermore, IDS alert management techniques, such as clustering and correlation, suffer from involving unrelated alerts in their processes and consequently provide imprecise results. In this paper, we propose a fuzzy-logic based technique for scoring and prioritizing alerts generated by an IDS. In addition, we present an alert rescoring technique that leads to a further reduction of the number of alerts. The approach is validated using the 2000 DARPA intrusion detection scenario specific datasets, and comparative results between the Snort IDS alert scoring and our scoring and prioritization scheme are presented.
Keywords :
fuzzy logic; security of data; 2000 DARPA intrusion detection; alert management techniques; alert prioritization; alert rescoring technique; fuzzy-logic based technique; intrusion detection systems; Computer science; Computerized monitoring; Data security; Fuzzy logic; Information security; Inspection; Intrusion detection; Pattern matching; Protection; Telecommunication traffic; Alert management; alert prioritization
Conference_Title :
Network Operations and Management Symposium, 2008. NOMS 2008. IEEE
Conference_Location :
Salvador, Bahia
Print_ISBN :
978-1-4244-2065-0
Electronic_ISBN :
1542-1201
DOI :
10.1109/NOMS.2008.4575114