Detecting denial of service attacks using database queries

  • Authors:
  • Dmytro Zakhalyavko; Constantine Manikopoulos

  • Affiliations:
  • Electrical and Computer Engineering Department, New Jersey Institute of Technology, Newark, NJ (both authors)

  • Venue:
  • ICCOM'05 Proceedings of the 9th WSEAS International Conference on Communications
  • Year:
  • 2005

Abstract

In most current-generation intrusion detection systems, the output data are stored in flat files. By contrast, ease of storing, analyzing, categorizing, and accessing data are major advantages of using a database to hold intrusion detection data. Security analysts often have to repeatedly perform the difficult task of sorting through a haystack of attack alerts, many of which turn out to be false positives. Database-query-oriented analysis can make it easier to manage these alerts, analyze the data with high precision, and search for attacks or intrusions. This project was conducted as a proof of concept of the effectiveness, for intrusion detection, of writing intrusion data into a database system and analyzing them with SQL. A database plug-in was developed that deposits the data from an intrusion detection system into a database. Subsequently, statistical analysis was conducted, which showed that database query methods can be effective in detecting intrusions while reducing the effort of analyzing them.
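The following is an added illustration of the approach the abstract describes, not code from the paper or its plug-in: IDS alerts are written into a relational table, and SQL aggregate queries over time buckets flag denial-of-service patterns (one source generating an alert burst against one host, or many distinct sources converging on one host). The table schema, the sample alerts, the 60-second window and the thresholds are all assumptions made for this example; SQLite stands in for whatever database the plug-in targeted.

```python
import sqlite3

# Constructed sample alerts (not data from the paper): (epoch_seconds, src_ip, dst_ip, signature)
SAMPLE_ALERTS = (
    # benign background: one host triggering an alert every 100 seconds
    [(100 * k, "10.0.0.7", "192.0.2.10", "ICMP echo") for k in range(1, 6)]
    # single-source flood: 80 alerts from one source inside 40 seconds
    + [(1200 + i // 2, "10.0.0.5", "192.0.2.10", "TCP SYN flood") for i in range(80)]
    # distributed flood: 30 distinct sources hit one host within 30 seconds
    + [(3000 + x, f"10.1.0.{x}", "192.0.2.20", "UDP flood") for x in range(30)]
)


def create_schema(conn):
    """Hypothetical alert table a database plug-in might populate from IDS output."""
    conn.execute(
        """CREATE TABLE IF NOT EXISTS alert (
               id        INTEGER PRIMARY KEY,
               ts        INTEGER NOT NULL,   -- alert time, seconds since epoch
               src_ip    TEXT    NOT NULL,
               dst_ip    TEXT    NOT NULL,
               signature TEXT    NOT NULL)"""
    )
    # Time-bucketed queries scan by timestamp, so index it.
    conn.execute("CREATE INDEX IF NOT EXISTS alert_ts ON alert(ts)")


def insert_alerts(conn, alerts):
    """The plug-in's job: deposit each alert as one row."""
    conn.executemany(
        "INSERT INTO alert(ts, src_ip, dst_ip, signature) VALUES (?, ?, ?, ?)", alerts
    )
    conn.commit()


def find_single_source_floods(conn, window=60, threshold=50):
    """Return (src_ip, dst_ip, bucket, count) for every source/destination pair
    that produced at least `threshold` alerts within one `window`-second bucket.
    Integer division of ts by the window assigns each alert to a bucket."""
    return conn.execute(
        """SELECT src_ip, dst_ip, ts / ? AS bucket, COUNT(*) AS n
           FROM alert
           GROUP BY src_ip, dst_ip, bucket
           HAVING n >= ?
           ORDER BY n DESC""",
        (window, threshold),
    ).fetchall()


def find_distributed_floods(conn, window=60, min_sources=25):
    """Return (dst_ip, bucket, distinct_sources, count) for destinations hit by
    at least `min_sources` distinct sources within one bucket, the distributed
    counterpart of the single-source check."""
    return conn.execute(
        """SELECT dst_ip, ts / ? AS bucket,
                  COUNT(DISTINCT src_ip) AS sources, COUNT(*) AS n
           FROM alert
           GROUP BY dst_ip, bucket
           HAVING sources >= ?
           ORDER BY sources DESC""",
        (window, min_sources),
    ).fetchall()


def build_demo_db():
    """In-memory database loaded with the constructed sample alerts."""
    conn = sqlite3.connect(":memory:")
    create_schema(conn)
    insert_alerts(conn, SAMPLE_ALERTS)
    return conn


if __name__ == "__main__":
    db = build_demo_db()
    for row in find_single_source_floods(db):
        print("single-source flood:", row)
    for row in find_distributed_floods(db):
        print("distributed flood:", row)
```

Both detections are plain GROUP BY / HAVING aggregates, which is the point the abstract makes: once alerts live in a table, the "haystack" is reduced to a query whose thresholds an analyst can tune without touching the IDS, and the benign background alerts never reach the threshold in either query.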