Title :
Exploiting diversity and correlation to improve the performance of intrusion detection systems
Author :
Coppolino, L. ; Antonio, S.D. ; Esposito, M. ; Romano, L.
Author_Institution :
Dipt. per le Tecnol., Univ. of Naples "Parthenope" (DiT), Naples, Italy
Abstract :
Intrusion detection systems (IDSs) are one of the most widely used technologies for computer security. Regrettably, current solutions are far from perfect, since they either produce a large number of false positives or they can only detect already known attacks. Correlation of information from diverse sources has been proven to be an effective approach for improving IDS performance, i.e. achieving high detection while reducing false positives. In this paper, we propose an IDS solution correlating attack symptoms from diverse information sources, which are collected at different architectural levels, and particularly the network, the DBMS, and the application level. We present an ontology-based approach to correlation, and describe how it can be implemented as a distributed, highly scalable system. The paper contains a thorough discussion of the key issues that we have addressed, and of the technological choices that we have made.
Keywords :
ontologies (artificial intelligence); security of data; complex event processing; computer security; diverse information sources; intrusion detection system; ontology-based approach; Application software; Computational modeling; Cryptography; Data security; Grid computing; Hardware; Helium; Intrusion detection; Protection; Runtime;
Conference_Title :
Network and Service Security, 2009. N2S '09. International Conference on
Conference_Location :
Paris
Print_ISBN :
978-2-9532-4431-1