Title :
Design and implementation of a distributed IDS alert aggregation model
Author :
Fan, Guo ; Jihua, Ye ; Min, Yu
Author_Institution :
Coll. of Comput. Inf. Eng., Jiangxi Normal Univ., Nanchang, China
Abstract :
How to aggregate and reduce duplicated alerts from different IDSs is one of the most important problems in distributed IDS research. The article proposes a distributed alert aggregation model composed of local components and network components. Local components transform raw alerts originating from traditional IDSs into IDMEF-based alerts with a uniform format, which are sent to network components. Network components aggregate similar alerts into a meta-alert, using an aggregation algorithm based on category and feature similarity. A subscription-based communication mechanism and multiple kinds of messages are also proposed to meet the demands of communication between the components and to realize information sharing across the whole network. Experiments on the DARPA99 data set indicate the effectiveness of the model.
Keywords :
distributed processing; security of data; alert aggregation model; distributed IDS; distributed intrusion detection system; network components; subscription-based communication mechanism; Aggregates; Algorithm design and analysis; Computer science; Computer science education; Design engineering; Distributed computing; Distributed databases; Educational institutions; Intrusion detection; Spatial databases; Alert Aggregation; Feature Similarity; IDS;
Conference_Titel :
Computer Science & Education, 2009. ICCSE '09. 4th International Conference on
Conference_Location :
Nanning
Print_ISBN :
978-1-4244-3520-3
Electronic_ISBN :
978-1-4244-3521-0
DOI :
10.1109/ICCSE.2009.5228172