An adaptive architecture of applying vulnerability analysis to IDS alerts

  • Authors: Xuejiao Liu; Xin Zhuang; Debao Xiao

  • Affiliations: HuaZhong Normal University, Wuhan, P.R. China (all authors)

  • Venue: ICAIT '08 Proceedings of the 2008 International Conference on Advanced Infocomm Technology

  • Year: 2008

Abstract

With increasing intrusions and attacks on the Internet, there is an urgent need to develop techniques for network security. Current standalone network security products, such as firewall systems, Intrusion Detection Systems (IDS), anti-virus software, and vulnerability scanning software, are not capable of withstanding the onslaught of various network threats. As a result, new security paradigms are emerging that closely integrate some security devices to provide accurate alerts and attain enhanced protection. In order to achieve better network security, in this paper we present an adaptive architecture that applies vulnerability analysis for multiple detection sensors to detect network intrusions. The architecture is designed as a layer above intrusion detection, aimed at classifying the overload of alerts into different severity levels by correlating results from multiple sensors and integrating vulnerability analysis. Intrusion detection produces basic alerts for further evaluation, whereas vulnerability analysis provides important information to help identify the alerts. At the same time, the whole process is made more efficient and effective by using predicate-based evaluation.