DocumentCode :
2927445
Title :
A semantic analysis approach to manage IDS alerts flooding
Author :
Saad, Sherif ; Traore, Issa
fYear :
2011
fDate :
5-8 Dec. 2011
Firstpage :
156
Lastpage :
161
Abstract :
In this paper we propose a new approach to manage alert flooding in IDSs. The proposed approach uses semantic analysis and ontology engineering techniques to combine and fuse two or more raw IDS alerts into one summarized hybrid/meta-alert. Our approach applies a new method, based on measuring the semantic similarity between IDS alert attributes, to identify the alerts that are suitable for aggregation and summarization. In contrast to previous work, our approach ensures that the aggregated alerts do not lose any valuable information present in the raw alert set. The experimental results show that our approach is effective and efficient in fusing a massive number of alerts compared to previous work in the area.
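The mechanism the abstract describes, attribute-level similarity scoring followed by fusion into a meta-alert that retains every raw value, as an added illustrative example. This is not the authors' code: the per-attribute similarity functions (shared-prefix bits for IP addresses, token Jaccard overlap on rule names as a stand-in for the paper's ontology-based semantic similarity, a linear 60 s time decay), the weights, the 0.75 threshold and the sample alerts are all assumptions constructed for this example.

```python
"""Illustrative IDS alert aggregation by attribute-level similarity.

Added example, not the paper's implementation. The similarity functions,
weights, threshold and sample alerts below are assumptions chosen to
demonstrate the idea; the paper uses ontology-based semantic similarity.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address
from typing import Dict, List, Set


@dataclass(frozen=True)
class Alert:
    """A minimal raw IDS alert (constructed for this example)."""
    alert_id: int
    signature: str
    src_ip: str
    dst_ip: str
    dst_port: int
    timestamp: int  # epoch seconds


def ip_similarity(a: str, b: str) -> float:
    """Fraction of leading address bits shared, so hosts in one subnet score high."""
    ia, ib = ip_address(a), ip_address(b)
    if ia.version != ib.version:
        return 0.0
    bits = ia.max_prefixlen
    return (bits - (int(ia) ^ int(ib)).bit_length()) / bits


def signature_similarity(a: str, b: str) -> float:
    """Jaccard overlap of rule-name tokens (assumed stand-in for semantic similarity)."""
    ta, tb = set(a.lower().split()), set(b.lower().split())
    return len(ta & tb) / len(ta | tb) if ta | tb else 1.0


def time_similarity(t1: int, t2: int, window: int = 60) -> float:
    """Linear decay reaching 0 outside the window (60 s window is an assumption)."""
    return max(0.0, 1.0 - abs(t1 - t2) / window)


# Assumed attribute weights; they sum to 1.0 so the score stays in [0, 1].
WEIGHTS: Dict[str, float] = {
    "signature": 0.40, "src_ip": 0.25, "dst_ip": 0.15, "dst_port": 0.05, "timestamp": 0.15,
}


def alert_similarity(a: Alert, b: Alert) -> float:
    """Weighted sum of per-attribute similarities, in [0, 1]."""
    parts = {
        "signature": signature_similarity(a.signature, b.signature),
        "src_ip": ip_similarity(a.src_ip, b.src_ip),
        "dst_ip": ip_similarity(a.dst_ip, b.dst_ip),
        "dst_port": 1.0 if a.dst_port == b.dst_port else 0.0,
        "timestamp": time_similarity(a.timestamp, b.timestamp),
    }
    return sum(WEIGHTS[k] * v for k, v in parts.items())


@dataclass
class MetaAlert:
    """Summarized alert: each attribute keeps the full set of raw values and the
    raw alerts themselves are retained, so no information is discarded."""
    members: List[Alert] = field(default_factory=list)
    signatures: Set[str] = field(default_factory=set)
    src_ips: Set[str] = field(default_factory=set)
    dst_ips: Set[str] = field(default_factory=set)
    dst_ports: Set[int] = field(default_factory=set)

    def add(self, a: Alert) -> None:
        self.members.append(a)
        self.signatures.add(a.signature)
        self.src_ips.add(a.src_ip)
        self.dst_ips.add(a.dst_ip)
        self.dst_ports.add(a.dst_port)

    @property
    def alert_ids(self) -> Set[int]:
        return {m.alert_id for m in self.members}


def aggregate(alerts: List[Alert], threshold: float = 0.75) -> List[MetaAlert]:
    """Greedy single-pass clustering: an alert joins the meta-alert holding its most
    similar member if that similarity reaches the threshold, else it seeds a new one."""
    metas: List[MetaAlert] = []
    for a in alerts:
        best, best_score = None, 0.0
        for m in metas:
            score = max(alert_similarity(a, x) for x in m.members)
            if score > best_score:
                best, best_score = m, score
        if best is None or best_score < threshold:
            best = MetaAlert()
            metas.append(best)
        best.add(a)
    return metas


def is_lossless(alerts: List[Alert], metas: List[MetaAlert]) -> bool:
    """Check the no-information-loss property: every raw alert appears in exactly
    one meta-alert and each summarized attribute set equals its members' values."""
    seen = [m for meta in metas for m in meta.members]
    if len(seen) != len(alerts) or set(seen) != set(alerts):
        return False
    for meta in metas:
        if (meta.signatures != {m.signature for m in meta.members}
                or meta.src_ips != {m.src_ip for m in meta.members}
                or meta.dst_ips != {m.dst_ip for m in meta.members}
                or meta.dst_ports != {m.dst_port for m in meta.members}):
            return False
    return True


# Constructed sample input: one scan burst and one repeated web attack.
SAMPLE_ALERTS = [
    Alert(1, "ET SCAN Nmap SYN scan", "10.0.0.5", "192.168.1.10", 22, 1000),
    Alert(2, "ET SCAN Nmap SYN scan", "10.0.0.5", "192.168.1.11", 80, 1010),
    Alert(3, "ET SCAN Nmap SYN scan", "10.0.0.5", "192.168.1.12", 443, 1020),
    Alert(4, "ET WEB SQL injection attempt", "203.0.113.7", "192.168.1.10", 80, 5000),
    Alert(5, "ET WEB SQL injection attempt", "203.0.113.7", "192.168.1.10", 80, 5005),
]

if __name__ == "__main__":
    result = aggregate(SAMPLE_ALERTS)
    for i, m in enumerate(result):
        print(f"meta-alert {i}: ids={sorted(m.alert_ids)} sigs={m.signatures} "
              f"src={m.src_ips} dst={m.dst_ips} ports={m.dst_ports}")
    print("lossless:", is_lossless(SAMPLE_ALERTS, result))
```

With these assumed weights the three scan alerts fuse into one meta-alert (same signature and source, neighbouring destinations, ten seconds apart) and the two SQL injection alerts into another; `is_lossless` is the check a practitioner would keep in a test suite, since it is exactly the property an aggregation step can silently break when it summarizes an attribute to a single representative value.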
Keywords :
ontologies (artificial intelligence); security of data; IDS alerts flooding; ontology engineering; semantic analysis approach; valuable information; Aggregates; Clustering algorithms; IP networks; Measurement; Ontologies; Semantics; Vectors; Alerts Aggregation; Information Loss; Intrusion Detection; Ontology; Semantic Analysis;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Information Assurance and Security (IAS), 2011 7th International Conference on
Conference_Location :
Melaka
Print_ISBN :
978-1-4577-2154-0
Type :
conf
DOI :
10.1109/ISIAS.2011.6122812
Filename :
6122812