Title :
Forthcoming Aggregating Intrusion Detection System Alerts Framework
Author :
El-Taj, Homam ; Abouabdalla, Omar ; Manasrah, Ahmed ; Al-Madi, Ahmed ; Sarwar, Muhammad Imran ; Ramadass, Sureswaran
Author_Institution :
Nat. Adv. IPv6 Center of Excellence (NAv6), Univ. Sains Malaysia, Minden, Malaysia
Abstract :
Intrusion Detection Systems (IDS) are among the most powerful systems used to secure computer environments. They trigger thousands of alerts per day and become a headache for the analyst, who needs to analyze the severity of the alerts and other fields, such as the IP addresses. This paper investigates the most popular aggregation methods that deal with IDS alerts. In addition, we propose the Threshold Aggregation Framework (TAF) to handle IDS alerts. TAF uses time as the main component for aggregating alerts, while also supporting aggregation without a threshold by setting the threshold value to 0.
Keywords :
IP networks; aggregation; computer network security; IP address; computer environment security; intrusion detection system; system alert framework; threshold aggregation framework; Containers; Correlation; Databases; Feature extraction; Generators; Intrusion detection; Manipulators; Alert Aggregation; Computer security; False Positive Alerts; Intrusion Detection System; Redundant Alerts
Conference_Titel :
Emerging Security Information Systems and Technologies (SECURWARE), 2010 Fourth International Conference on
Conference_Location :
Venice
Print_ISBN :
978-1-4244-7517-9
Electronic_ISBN :
978-0-7695-4095-5
DOI :
10.1109/SECURWARE.2010.14