A survey on IDS alerts processing techniques

Authors:
Safaa O. Al-Mamory;Hong Li Zhang
Affiliations:
School of Computer Science, Harbin Institute of Technology, Harbin, China;School of Computer Science, Harbin Institute of Technology, Harbin, China
Venue:
ISP'07 Proceedings of the 6th WSEAS international conference on Information security and privacy
Year:
2007

Citing 12
Cited 2

A data mining analysis of RTID alarms

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
Probabilistic Alert Correlation

RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Aggregation and Correlation of Intrusion-Detection Alerts

RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Alert Correlation in a Cooperative Intrusion Detection Framework

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Managing Alerts in a Multi-Intrusion Detection Environment

ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Mining Alarm Clusters to Improve Alarm Handling Efficiency

ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Correlating Alerts Using Prerequisites of Intrusions

Correlating Alerts Using Prerequisites of Intrusions
Alert aggregation in mobile ad hoc networks

WiSe '03 Proceedings of the 2nd ACM workshop on Wireless security
Clustering intrusion detection alarms to support root cause analysis

ACM Transactions on Information and System Security (TISSEC)
A Comprehensive Approach to Intrusion Detection Alert Correlation

IEEE Transactions on Dependable and Secure Computing
A unified alert fusion model for intelligent analysis of sensor data in an intrusion detection environment

A unified alert fusion model for intelligent analysis of sensor data in an intrusion detection environment
Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts

Computer Communications

Intrusion detection alarms reduction using root cause analysis and clustering

Computer Communications
A comprehensive vulnerability based alert management approach for large networks

Future Generation Computer Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

When an attacker tries to penetrate the network, there are many defensive systems, including intrusion detection systems (IDSs). Most IDSs are capable of detecting many attacks, but can not provide a clear idea to the analyst because of the huge number of false alerts generated by these systems. This weakness in the IDS has led to the emergence of many methods in which to deal with these alerts, minimize them and highlight the real attacks. It has come to a stage to take a stock of the research results a comprehensive view so that further research in this area will be motivated objectively to fulfill the gaps exists till now.