• DocumentCode
    3501471
  • Title

    Intrusion alert normalization method using AWK scripts and attack name database

  • Author

    Kim, Dongyoung ; Bang, Hyochan ; Na, Jung-Chan

  • Author_Institution
    Electron. & Telecommun. Res. Inst., South Korea
  • Volume
    1
  • fYear
    2005
  • fDate
    21-23 Feb. 2005
  • Firstpage
    608
  • Abstract
    The current several classes of intrusion alert have various formats and semantics. And it is transferred using a variety of protocols. The protocols that transfer intrusion alert are IDXP, SNMP trap, SYSLOG protocol, etc. These varieties of intrusion alert formats make it difficult to use that together. Intrusion alert normalization makes various intrusions alert to same structure data and same semantics. We need this normalization process to unify alerts from a variety of security equipments. This paper describes how to normalize alerts from several IDS and security equipments.
  • Keywords
    protocols; security of data; AWK scripts; IDS; intrusion alert normalization method; name database; protocols; security equipments; Data security; Databases; Electron traps; IP networks; Information analysis; Internet; Intrusion detection; Protection; Transport protocols; XML;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Advanced Communication Technology, 2005, ICACT 2005. The 7th International Conference on
  • Type

    conf

  • DOI
    10.1109/ICACT.2005.245944
  • Filename
    1461951