DocumentCode
2927445
Title
A semantic analysis approach to manage IDS alerts flooding
Author
Saad, Sherif ; Traore, Issa
fYear
2011
fDate
5-8 Dec. 2011
Firstpage
156
Lastpage
161
Abstract
In this paper we propose a new approach to manage alert flooding in IDSs. The proposed approach uses semantic analysis and ontology engineering techniques to combine and fuse two or more raw IDS alerts into one summarized hybrid/meta-alert. Our approach applies a new method based on measuring the semantic similarity between IDS alert attributes to identify the alerts that are suitable for aggregation and summarization. In contrast to previous works, our approach ensures that the aggregated alerts do not lose any valuable information present in the raw alert set. The experimental results show that our approach is effective and efficient in fusing a massive number of alerts compared to previous works in the area.
Keywords
ontologies (artificial intelligence); security of data; IDS alerts flooding; ontology engineering; semantic analysis approach; valuable information; Aggregates; Clustering algorithms; IP networks; Measurement; Ontologies; Semantics; Vectors; Alerts Aggregation; Information Loss; Intrusion Detection; Ontology; Semantic Analysis;
fLanguage
English
Publisher
ieee
Conference_Titel
Information Assurance and Security (IAS), 2011 7th International Conference on
Conference_Location
Melaka
Print_ISBN
978-1-4577-2154-0
Type
conf
DOI
10.1109/ISIAS.2011.6122812
Filename
6122812