DocumentCode :
3063603
Title :
Research on Preprocessing Technique of Alert Aggregation
Author :
Mu, Chengpo ; Shuai, Bing
Author_Institution :
Sch. of Mechatronical Eng., Beijing Inst. of Technol., Beijing, China
fYear :
2012
fDate :
23-26 June 2012
Firstpage :
597
Lastpage :
600
Abstract :
In order to solve the problems caused by repetitive IDS alerts, an adaptive alert aggregation approach is proposed in this paper. According to the corresponding alert types, the stay times of aggregate alerts in the buffer area can be adjusted automatically so that the repetitive alerts can be aggregated effectively. The experimental results indicate that by using the adaptive alert aggregation model, the problems caused by repetitive alerts are solved, and a balance between alert amount and alert type is achieved at the same time. As a result, the adaptive alert aggregation approach can not only provide strong support for further alert processing in IDAM & IRS but also balance the speed and security of a network system.
Keywords :
security of data; IDAM; IRS; adaptive alert aggregation approach; alert amount; alert processing; alert types; buffer area; network system; preprocessing technique; repetitive IDS alerts; repetitive alerts; security; Aggregates; Algorithm design and analysis; Computer crime; Correlation; Intrusion detection; Servers; alert aggregation; alert processing; intrusion detection; intrusion response;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computational Sciences and Optimization (CSO), 2012 Fifth International Joint Conference on
Conference_Location :
Harbin
Print_ISBN :
978-1-4673-1365-0
Type :
conf
DOI :
10.1109/CSO.2012.136
Filename :
6274797