ACM Transactions on Information and System Security (TISSEC)
Enhancing byte-level network intrusion detection signatures with context. Proceedings of the 10th ACM conference on Computer and communications security
Verify Results of Network Intrusion Alerts Using Lightweight Protocol Analysis. ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Automatic Evaluation of Intrusion Detection Systems. ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Using Answer Set Programming to Enhance Operating System Discovery. LPNMR '09 Proceedings of the 10th International Conference on Logic Programming and Nonmonotonic Reasoning
Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security
A hybrid approach to operating system discovery based on diagnosis. International Journal of Network Management
Signature-based intrusion detection systems are known to generate many noncritical alarms (alarms not related to a successful attack). Adding contextual information to IDSes is a promising avenue for identifying noncritical alarms. Several approaches using contextual information have been suggested; however, it is not clear what the benefits of any specific approach are. This paper establishes the effectiveness of using target configuration (i.e., the operating system and applications of the attacked host) as contextual information for identifying noncritical alarms. Moreover, it demonstrates that current tools for OS discovery are not adequate for gathering that context for an IDS.