Title :
Towards implementing intrusion alert quality framework
Author :
Bakar, Najwa A. ; Belaton, Bahari
Author_Institution :
Sch. of Comput. Sci., Univ. Sains Malaysia, Penang, Malaysia
Abstract :
Security alerts high-level reasoning efforts such as alert filtering and intrusion alert correlation are initiatives to solve security data flooding and high false positive alert rates. These efforts decrease the volume of the security data, marginally reduce the false positive rate, and improve the attack-detection rate. Although the results of these efforts have been encouraging, there are still weaknesses partly due to data quality problems. This paper works on the premise that a quality input data should in theory help in producing good results. Thus, the aim of this paper is to propose an intrusion alert quality framework that addresses alert preparation stage for high-level reasoning by enriching and enhancing the alerts with quality parameters, and then encoding these enriched alerts in the IDMEF format. In this format, the enriched alerts are readily usable by high-level reasoning operations.
Keywords :
inference mechanisms; security of data; IDMEF format; alert filtering; alert preparation stage; attack-detection rate; data quality; high-level reasoning efforts; intrusion alert correlation; intrusion alert quality; quality parameters; security alerts; security data flooding; Aggregates; Computer science; Computer security; Data security; Encoding; Filtering; Floods; Intrusion detection; Medical services; Sensor phenomena and characterization;
Conference_Titel :
Distributed Frameworks for Multimedia Applications, 2005. DFMA '05. First International Conference on
Print_ISBN :
0-7695-2273-4
DOI :
10.1109/DFMA.2005.49
