DocumentCode :
2602663
Title :
Cooperative Alert-Filers for Network Surveillance
Author :
Nehinbe, Joshua Ojo
Author_Institution :
Univ. of Essex, Colchester, UK
fYear :
2010
fDate :
24-26 March 2010
Firstpage :
573
Lastpage :
578
Abstract :
Intrusion aggregation techniques fundamentally focus on reducing redundant alerts in order to lessen the workload of human analysts. Consequently, the clarity and inherent meaning of the entire set of alerts are completely suppressed. This mostly occurs whenever attackers overload intrusion detectors with closely related digression packets that subsequently flood human analysts with large numbers of redundant alerts. Thus, the distributions of the alerts from heterogeneous sources suddenly overlap, and the realistic evidence needed to differentiate false alerts from true positives becomes very difficult to understand. Accordingly, network administrators erroneously concentrate on false attacks instead of realistic attacks and, ultimately, several attacks easily elude detection. For these reasons, we implemented a clustering method to investigate these problems using six evaluation datasets. Equivalent and unique rules were designed to filter intrusive alerts and to subsequently establish their distributions. Furthermore, the results obtained unmasked all the attacks and further revealed the distributions of their alerts in realistic and synthetic networks.
Keywords :
computer network security; surveillance; clustering method; cooperative alert-filers; digression packets; human analysts; intrusion aggregation techniques; intrusion detectors; intrusive alerts; network administrators; network surveillance; redundant alerts; Analytical models; Clustering methods; Computational modeling; Computer networks; Computer security; Computer simulation; Detectors; Humans; Intrusion detection; Surveillance; Alerts crowding effects; equivalent alerts; probing attacks; redundant alerts; unique alerts
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer Modelling and Simulation (UKSim), 2010 12th International Conference on
Conference_Location :
Cambridge
Print_ISBN :
978-1-4244-6614-6
Type :
conf
DOI :
10.1109/UKSIM.2010.110
Filename :
5481049