• DocumentCode
    2301603
  • Title
    Alert Fusion for a Computer Host Based Intrusion Detection System
  • Author
    Feng, Chuan ; Peng, Jianfeng ; Qiao, Haiyan ; Rozenblit, Jerzy W.
  • Author_Institution
    Dept. of Electr. & Comput. Eng., Arizona Univ., Tucson, AZ
  • fYear
    2007
  • fDate
    26-29 March 2007
  • Firstpage
    433
  • Lastpage
    440
  • Abstract
    Intrusions impose tremendous threats to today's computer hosts. Intrusions using security breaches to achieve unauthorized access or misuse of critical information can have catastrophic consequences. To protect computer hosts from the increasing threat of intrusion, various kinds of intrusion detection systems (IDSs) have been developed. The main disadvantages of current IDSs are a high false detection rate and the lack of post-intrusion decision support capability. To minimize these drawbacks, we propose an event-driven intrusion detection architecture which integrates subject-verb-object (SVO) multi-point monitors and an impact analysis engine. Alert fusion and verification models are implemented to provide more reasonable intrusion information from incomplete, inconsistent or imprecise alerts acquired by SVO monitors. DEVS formalism is used to describe the model based design approach. Finally, we use the DEVS-JAVA simulation tool to show the feasibility of the proposed system.
  • Keywords
    Java; authorisation; DEVS formalism; DEVS-JAVA simulation tool; alert fusion; impact analysis engine; intrusion detection system; multipoint monitors; security breaches; subject-verb-object; unauthorized access; Access control; Authentication; Computer architecture; Computer performance; Data security; Engines; Expert systems; Information security; Intrusion detection; Protection
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Engineering of Computer-Based Systems, 2007. ECBS '07. 14th Annual IEEE International Conference and Workshops on the
  • Conference_Location
    Tucson, AZ
  • Print_ISBN
    0-7695-2772-8
  • Type
    conf
  • DOI
    10.1109/ECBS.2007.17
  • Filename
    4148960