DocumentCode :
2676375
Title :
Processing Intrusion Detection Alerts in Large-scale Network
Author :
Li, Dong ; Li, Zhitang ; Ma, Jie
Author_Institution :
Comput. Sch., Huazhong Univ. of Sci. & Technol., Wuhan
fYear :
2008
fDate :
3-5 Aug. 2008
Firstpage :
545
Lastpage :
548
Abstract :
Intrusion detection systems produce large numbers of alerts, most of which are false positives. This paper correlates alerts from multiple intrusion detection systems in a large-scale network to reduce the overwhelming number of false alerts and to discover real security events in real time. To process these alerts, two algorithms, named reduce and cluster, are developed: reduce removes false alerts that exhibit a marked periodicity, and cluster merges multiple homogeneous alerts into one. Experiments show that over 90% of raw alerts are filtered out and less than 1% of the original volume remains for the analyst to examine thoroughly.
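The abstract names the two processing steps but not how they are implemented. The following is an added illustration, not the authors' code: a toy reduce/cluster pass over constructed alert records. It assumes an alert schema of (timestamp, sensor, signature, src, dst), measures "periodicity" as the coefficient of variation of inter-arrival gaps per (sensor, signature, src, dst) tuple, and clusters homogeneous alerts by (signature, src, dst) within a time window across sensors; all thresholds are assumptions for the example.

```python
# Added example (not from the paper): a toy "reduce" + "cluster" pass over IDS alerts.
from collections import defaultdict
from dataclasses import dataclass, field
from statistics import mean, pstdev


@dataclass(frozen=True)
class Alert:
    """One raw IDS alert (constructed schema; the paper's alert format is not given)."""
    ts: float      # seconds since epoch
    sensor: str    # which IDS emitted it
    sig: str       # signature / rule name
    src: str
    dst: str


def reduce_periodic(alerts, min_count=4, min_period=5.0, max_cv=0.1):
    """Drop alerts whose (sensor, sig, src, dst) tuple recurs with near-constant spacing.

    Assumption: periodicity is the coefficient of variation (CV) of the inter-arrival
    gaps. A tuple with >= min_count hits, a mean gap of at least min_period seconds
    and CV <= max_cv is treated as a scheduled, benign source (monitoring, backups).
    Returns (kept_alerts, periodic_keys).
    """
    groups = defaultdict(list)
    for a in alerts:
        groups[(a.sensor, a.sig, a.src, a.dst)].append(a.ts)
    periodic = set()
    for key, stamps in groups.items():
        if len(stamps) < min_count:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        m = mean(gaps)
        # min_period keeps short regular bursts (e.g. a scanner at a fixed rate)
        # from being discarded as "periodic noise".
        if m >= min_period and pstdev(gaps) / m <= max_cv:
            periodic.add(key)
    kept = [a for a in alerts if (a.sensor, a.sig, a.src, a.dst) not in periodic]
    return kept, periodic


@dataclass
class MetaAlert:
    """One clustered alert standing in for many homogeneous raw alerts."""
    sig: str
    src: str
    dst: str
    first_ts: float
    last_ts: float
    count: int = 1
    sensors: set = field(default_factory=set)


def cluster_homogeneous(alerts, window=60.0):
    """Merge alerts sharing (sig, src, dst) that arrive within `window` seconds of the
    cluster's last member, regardless of which sensor saw them."""
    out, open_clusters = [], {}
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.sig, a.src, a.dst)
        c = open_clusters.get(key)
        if c is not None and a.ts - c.last_ts <= window:
            c.last_ts = a.ts
            c.count += 1
            c.sensors.add(a.sensor)
        else:
            c = MetaAlert(a.sig, a.src, a.dst, a.ts, a.ts, 1, {a.sensor})
            open_clusters[key] = c
            out.append(c)
    return out


def process(alerts):
    """reduce, then cluster; returns the meta-alerts an analyst would see."""
    kept, _ = reduce_periodic(alerts)
    return cluster_homogeneous(kept)


# Constructed sample alerts (not real data).
SAMPLE = []
# A monitoring host that pings a gateway every 30 s trips the same rule each time.
for i in range(10):
    SAMPLE.append(Alert(1000.0 + 30 * i, "ids-a", "ICMP PING NMAP", "10.0.0.5", "10.0.1.1"))
# A SYN scan seen by two sensors at irregular, bursty intervals.
for off in (0.0, 0.3, 1.1, 1.2, 2.9):
    SAMPLE.append(Alert(2000.0 + off, "ids-a", "SCAN SYN", "198.51.100.7", "10.0.1.20"))
    SAMPLE.append(Alert(2000.4 + off, "ids-b", "SCAN SYN", "198.51.100.7", "10.0.1.20"))
# A one-off web attack and a later, separate scan from the same source.
SAMPLE.append(Alert(2100.0, "ids-a", "WEB-MISC /etc/passwd", "198.51.100.9", "10.0.1.30"))
SAMPLE.append(Alert(2500.0, "ids-b", "SCAN SYN", "198.51.100.7", "10.0.1.20"))

if __name__ == "__main__":
    for m in process(SAMPLE):
        print(f"{m.sig:22s} {m.src:>14s} -> {m.dst:<10s} x{m.count:<3d} sensors={sorted(m.sensors)}")
```

On the constructed sample, the 10 periodic ping alerts are dropped by reduce and the remaining 12 raw alerts collapse into 3 meta-alerts, one of which carries the same scan as seen by both sensors. The caveat for a real deployment is the min_period guard: an attacker sending at a fixed rate is also "periodic", so the reduce step should whitelist by period and source, not by regularity alone.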
Keywords :
computer networks; security of data; CLUSTER; REDUCE; intrusion detection alerts; large-scale network; multiple intrusion detection system; Clustering algorithms; Computer networks; Computer security; Data mining; Data security; Educational institutions; Electronic commerce; Intrusion detection; Large-scale systems; Real time systems; Intrusion detection; large-scale network;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Electronic Commerce and Security, 2008 International Symposium on
Conference_Location :
Guangzhou City
Print_ISBN :
978-0-7695-3258-5
Type :
conf
DOI :
10.1109/ISECS.2008.218
Filename :
4606125