Search
WIT Press


Related conference

BEM/MRM 47

BEM/MRM 47

25-27 September 2024

Seville, Spain

Related Book

Data Mining IX

Edited By: A. ZANASI, TEMIS Italia, Italy, D. ALMORZA GOMAR, University of Cadiz, Spain, N.F. F. EBECKEN, Universidade Federal do Rio de Janeiro, Brazil and C.A. Brebbia, Wessex Institute of Technology, UK

Selective Alerts For Runtime Protection Of Distributed Systems

Price

Free (open access)

Transaction

WIT Transactions on Information and Communication Technologies

Volume

40

Pages

10

Page Range

287 - 296

Published

2008

Size

397 kb

Paper DOI

10.2495/DATA080271

Copyright

WIT Press

Author(s)

M. Colajanni, D. Gozzi & M. Marchetti

Abstract

Network Intrusion Detection Systems (NIDS) are popular components for a fast detection of network attacks and intrusions, but their efficacy is limited by overwhelming amounts of false alarms that have to be manually managed by system administrators. In order to improve the efficacy of attack detection and reduce the amount of false positives, we propose a novel scheme for runtime alert management. It filters innocuous attacks by taking advantage of the correlation between the NIDS alerts and detailed information concerning the protected information systems, that is retrieved from heterogeneous and unstructured data sources. Thanks to the proposed scheme, an alert is sent to the system administrator only if an attack threatens some real vulnerability of the protected hosts. Otherwise, as it occurs in the large majority of the cases, the alert is stored for a subsequent offline analysis. The viability and efficacy of the proposed solution are demonstrated through an operative prototype that has been tested in networks subject to realistic attacks. Keywords: intrusion detection system, network protection, false positive reduction, alert correlation, alert filtering. 1 Introduction All modern networked information systems must be protected by some hardware or software appliance. Beyond the first line of defense represented by firewalls, the Network Intrusion Detection Systems (NIDS) are the most valuable technology for increasing the network security level through a continuous monitoring and analysis of the network traffic. A generic NIDS processes a copy of the traffic flowing through the protected networks, with the aim of finding illicit activities, attacks

Keywords

intrusion detection system, network protection, false positive reduction, alert correlation, alert filtering.



Related conference

BEM/MRM 47

BEM/MRM 47

25-27 September 2024

Seville, Spain

Related Book

Data Mining IX

Edited By: A. ZANASI, TEMIS Italia, Italy, D. ALMORZA GOMAR, University of Cadiz, Spain, N.F. F. EBECKEN, Universidade Federal do Rio de Janeiro, Brazil and C.A. Brebbia, Wessex Institute of Technology, UK

Other papers in this volume

Warning (2) : foreach() argument must be of type array|object, null given [in /var/www/dce7ae55-385b-4ffa-8595-3ec5e61ff110/public_html/app/templates/Papers/view.php, line 364]

Keep me updated
Data Mining IX

View Book

Other papers in this volume

An Approach To Finding Reduced Sets Of Information Features Describing Discrete Objects Based On Rough Sets Theory

Neural Network Modeling Of The Nonlinear Dynamic Structural Offshore System With Hysteresis

Fast Outlier Detection Using Rough Sets Theory

A Fully Sensitive Correlation Measure For Data Mining

Generalized K-means Algorithm On Nominal Dataset

Flexible Database Transformation For XML-RDBMS

A Rules Reduction Algorithm Based On Significance Measure

WIT Press, Ashurst Lodge, Ashurst, Southampton SO40 7AA, UK. Registered in England as a limited company No. 4741634

Copyright 2025 WIT Press All Rights Reserved - Prices are Subject to Change - Returns Policy - Privacy Policy - Site Map