Title :
An IDS Alert Fusion Approach Based on Happened Before Relation
Author :
Xu, Ming ; Wu, Ting ; Tang, Jingfan
Author_Institution :
Inst. of Comput. Applic. Technol., Hangzhou Dianzi Univ., Hangzhou
Abstract :
Alert fusion is a process that analyzes the alerts produced by one or more intrusion detection systems and provides a more succinct, high-level view of security events or attempted intrusions. Unfortunately, serializing alerts by their detection or creation time hides the intrinsic order between alerts, which is a disadvantage for alert fusion. In this paper, we propose an alert fusion method based on a happened-before relation, which reveals the intrinsic order between alerts. Utilizing the happened-before relation can improve the performance of alert correlation and reduce interference with other correlation components. The experimental results show that our approach is effective in achieving alert reduction and aggregation.
Keywords :
security of data; alert fusion method; alert reduction; happened before relation; intrusion detection systems; security event; Aggregates; Computer applications; Costs; Educational institutions; Fuses; Information analysis; Interference; Intrusion detection; Noise reduction; Sensor phenomena and characterization;
Conference_Titel :
4th International Conference on Wireless Communications, Networking and Mobile Computing (WiCOM '08), 2008
Conference_Location :
Dalian
Print_ISBN :
978-1-4244-2107-7
Electronic_ISBN :
978-1-4244-2108-4
DOI :
10.1109/WiCom.2008.2937