DocumentCode
3501471
Title
Intrusion alert normalization method using AWK scripts and attack name database
Author
Kim, Dongyoung ; Bang, Hyochan ; Na, Jung-Chan
Author_Institution
Electron. & Telecommun. Res. Inst., South Korea
Volume
1
fYear
2005
fDate
21-23 Feb. 2005
Firstpage
608
Abstract
The current several classes of intrusion alert have various formats and semantics. And it is transferred using a variety of protocols. The protocols that transfer intrusion alert are IDXP, SNMP trap, SYSLOG protocol, etc. These varieties of intrusion alert formats make it difficult to use that together. Intrusion alert normalization makes various intrusions alert to same structure data and same semantics. We need this normalization process to unify alerts from a variety of security equipments. This paper describes how to normalize alerts from several IDS and security equipments.
Keywords
protocols; security of data; AWK scripts; IDS; intrusion alert normalization method; name database; protocols; security equipments; Data security; Databases; Electron traps; IP networks; Information analysis; Internet; Intrusion detection; Protection; Transport protocols; XML;
fLanguage
English
Publisher
ieee
Conference_Titel
Advanced Communication Technology, 2005, ICACT 2005. The 7th International Conference on
Type
conf
DOI
10.1109/ICACT.2005.245944
Filename
1461951
Link To Document