• DocumentCode
    2283945
  • Title
    Alert prioritization in Intrusion Detection Systems
  • Author
    Alsubhi, Khalid ; Al-Shaer, Ehab ; Boutaba, Raouf
  • Author_Institution
    David R. Cheriton Sch. of Comput. Sci., Univ. of Waterloo, Waterloo, ON
  • fYear
    2008
  • fDate
    7-11 April 2008
  • Firstpage
    33
  • Lastpage
    40
  • Abstract
    Intrusion Detection Systems (IDSs) are designed to monitor user and/or network activity and generate alerts whenever abnormal activities are detected. The number of these alerts can be very large, making the task of security analysts difficult to manage. Furthermore, IDS alert management techniques, such as clustering and correlation, suffer from involving unrelated alerts in their processes and consequently provide imprecise results. In this paper, we propose a fuzzy-logic-based technique for scoring and prioritizing alerts generated by an IDS. In addition, we present an alert rescoring technique that leads to a further reduction of the number of alerts. The approach is validated using the 2000 DARPA intrusion detection scenario-specific datasets, and comparative results between the Snort IDS alert scoring and our scoring and prioritization scheme are presented.
  • Keywords
    fuzzy logic; security of data; 2000 DARPA intrusion detection; alert management techniques; alert prioritization; alert rescoring technique; fuzzy-logic based technique; intrusion detection systems; Computer science; Computerized monitoring; Data security; Fuzzy logic; Information security; Inspection; Intrusion detection; Pattern matching; Protection; Telecommunication traffic; Alert management; alert prioritization
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Network Operations and Management Symposium, 2008. NOMS 2008. IEEE
  • Conference_Location
    Salvador, Bahia
  • ISSN
    1542-1201
  • Print_ISBN
    978-1-4244-2065-0
  • Electronic_ISBN
    1542-1201
  • Type
    conf
  • DOI
    10.1109/NOMS.2008.4575114
  • Filename
    4575114