DocumentCode
2872044
Title
Improvements in Security Alert Analysis with a Truth Maintenance System
Author
Tang, Albert ; Ray, Pradeep ; Lewis, Lundy
Author_Institution
Univ. of New South Wales, Sydney
fYear
2008
fDate
7-10 Jan. 2008
Firstpage
263
Lastpage
263
Abstract
A high percentage of false positives remains a problem in current network security detection systems. With the growing reliance of industry on computer networks, and the growing variety of attacks that can be directed towards a computer network, it is clear that detection systems must be improved in order to tackle this growing problem. To help minimise the problem of false positives, this paper describes a method and apparatus for security alert analysis that is based on two technologies: (i) event correlation and (ii) a truth maintenance system. This work was undertaken in the context of practical network security management in a large outsourced management service provider in the Asia-Pacific region.
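The abstract names the two techniques but not how they fit together. The following is an added illustration (not the authors' method or apparatus, and not code from the paper) of how a justification-based truth maintenance system can sit behind alert correlation: raw IDS alerts, vulnerability-scan results and analyst verdicts are premises; correlation rules are justifications; an alert is surfaced only while its supporting premises hold, and retracting a premise (a host turns out to be patched, an alert is marked a false positive) automatically withdraws every conclusion that depended on it. The alert IDs, host names, addresses and scan results are constructed sample data.

```python
"""Minimal justification-based TMS (JTMS) driving IDS alert correlation.
Illustrative example only; constructed data, not the paper's system."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Justification:
    """consequent is IN when every in_list node is IN and every out_list node is OUT."""
    consequent: str
    in_list: tuple
    out_list: tuple = ()


class JTMS:
    def __init__(self):
        self.premises: set[str] = set()            # alerts, scan results, analyst verdicts
        self.justifications: list[Justification] = []
        self.labels: dict[str, bool] = {}          # True = IN (believed); missing = OUT

    def assert_premise(self, node: str) -> None:
        self.premises.add(node)
        self._relabel()

    def retract_premise(self, node: str) -> None:
        self.premises.discard(node)
        self._relabel()

    def justify(self, consequent: str, in_list, out_list=()) -> None:
        self.justifications.append(Justification(consequent, tuple(in_list), tuple(out_list)))
        self._relabel()

    def is_in(self, node: str) -> bool:
        return self.labels.get(node, False)

    def _holds(self, j: Justification) -> bool:
        return all(self.is_in(n) for n in j.in_list) and not any(self.is_in(n) for n in j.out_list)

    def _relabel(self) -> None:
        # Recompute all labels from the premises to a fixpoint. Rebuilding
        # rather than patching labels is what makes retraction trivially
        # correct. Assumption: out_list entries are premises only, so a
        # justification never flips from holding to not holding mid-iteration.
        self.labels = {p: True for p in self.premises}
        changed = True
        while changed:
            changed = False
            for j in self.justifications:
                if not self.is_in(j.consequent) and self._holds(j):
                    self.labels[j.consequent] = True
                    changed = True

    def explain(self, node: str):
        """The justification currently supporting node ('premise' or None if OUT)."""
        if node in self.premises:
            return "premise"
        for j in self.justifications:
            if j.consequent == node and self._holds(j):
                return j
        return None


# Constructed sample input: two SQLi signature hits from one source, and a
# vulnerability scan saying only web01 runs the affected version.
ALERTS = {
    "A1": {"sig": "SQLi", "src": "203.0.113.5", "dst": "web01"},
    "A2": {"sig": "SQLi", "src": "203.0.113.5", "dst": "web02"},
}
SCAN_VULNERABLE = {"web01": True, "web02": False}


def build_tms() -> JTMS:
    tms = JTMS()
    for aid, a in ALERTS.items():
        tms.assert_premise(f"alert:{aid}")
        # Correlation rule: an alert is an attack worth acting on only if the
        # target is actually vulnerable and nobody has marked the alert a FP.
        tms.justify(f"attack:{aid}", [f"alert:{aid}", f"vuln:{a['dst']}"], [f"fp:{aid}"])
        # Any actionable attack from a source opens an incident on that source.
        tms.justify(f"incident:{a['src']}", [f"attack:{aid}"])
    for host, vulnerable in SCAN_VULNERABLE.items():
        if vulnerable:
            tms.assert_premise(f"vuln:{host}")
    return tms


def actionable_alerts(tms: JTMS) -> list:
    """Alerts whose correlated 'attack' conclusion is currently IN."""
    return sorted(aid for aid in ALERTS if tms.is_in(f"attack:{aid}"))


if __name__ == "__main__":
    tms = build_tms()
    print(actionable_alerts(tms), tms.is_in("incident:203.0.113.5"))
    tms.retract_premise("vuln:web01")          # later scan: web01 was patched
    print(actionable_alerts(tms), tms.is_in("incident:203.0.113.5"))
```

A2 never becomes actionable because no premise says web02 is vulnerable, so it is suppressed without being deleted; the justification is still there and would fire if a later scan asserted `vuln:web02`. `explain()` gives the analyst the chain of premises behind any surfaced alert, which is the property a TMS adds over plain rule matching.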
Keywords
computer network management; security of data; telecommunication security; truth maintenance; computer network attack; event correlation; false positive problem; network intrusion detection system; network security detection system; network security management; outsourced management service provider; security alert analysis; truth maintenance system; Algorithm design and analysis; Artificial intelligence; Australia; Computer network management; Costs; Data security; Information security; Intrusion detection; Logic; Performance analysis;
fLanguage
English
Publisher
ieee
Conference_Titel
Hawaii International Conference on System Sciences, Proceedings of the 41st Annual
Conference_Location
Waikoloa, HI
ISSN
1530-1605
Type
conf
DOI
10.1109/HICSS.2008.198
Filename
4438967