DocumentCode :
3501471
Title :
Intrusion alert normalization method using AWK scripts and attack name database
Author :
Kim, Dongyoung ; Bang, Hyochan ; Na, Jung-Chan
Author_Institution :
Electron. & Telecommun. Res. Inst., South Korea
Volume :
1
fYear :
2005
fDate :
21-23 Feb. 2005
Firstpage :
608
Abstract :
The several current classes of intrusion alerts have various formats and semantics, and they are transferred using a variety of protocols. The protocols that transfer intrusion alerts are IDXP, SNMP trap, the SYSLOG protocol, etc. This variety of intrusion alert formats makes it difficult to use the alerts together. Intrusion alert normalization converts various intrusion alerts into data with the same structure and the same semantics. We need this normalization process to unify alerts from a variety of security equipment. This paper describes how to normalize alerts from several IDSs and other security equipment.
Keywords :
protocols; security of data; AWK scripts; IDS; intrusion alert normalization method; name database; protocols; security equipments; Data security; Databases; Electron traps; IP networks; Information analysis; Internet; Intrusion detection; Protection; Transport protocols; XML;
fLanguage :
English
Publisher :
IEEE
Conference_Title :
Advanced Communication Technology, 2005, ICACT 2005. The 7th International Conference on
Type :
conf
DOI :
10.1109/ICACT.2005.245944
Filename :
1461951