Intrusion detection alert verification based on multi-level fuzzy comprehensive evaluation

Authors:
Chengpo Mu;Houkuan Huang;Shengfeng Tian
Affiliations:
School of Computer and Information Technology, Beijing Jiaotong University, Beijing, China;School of Computer and Information Technology, Beijing Jiaotong University, Beijing, China;School of Computer and Information Technology, Beijing Jiaotong University, Beijing, China
Venue:
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part I
Year:
2005

Citing 3
Cited 4

An Intrusion Alert Correlator Based on Prerequisites of Intrusions

An Intrusion Alert Correlator Based on Prerequisites of Intrusions
A mission-impact-based approach to INFOSEC alarm correlation

RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
M2D2: a formal data model for IDS alert correlation

RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection

Online Risk Assessment of Intrusion Scenarios Using D-S Evidence Theory

ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Domain Specific Intended Use Evaluation Method: Intrusion Detection Specific Intended Use Evaluation Method

ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
An intrusion response decision-making model based on hierarchical task network planning

Expert Systems with Applications: An International Journal
Intelligent alarm filter using knowledge-based alert verification in network intrusion detection

ISMIS'12 Proceedings of the 20th international conference on Foundations of Intelligent Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Alert verification is a process which compares the information referred by an alert with the configuration and topology information of its target system in order to determine if the alert is relevant to its target system. It can reduce false positive alerts and irrelevant alerts. The paper presents an alert verification approach based on multi-level fuzzy comprehensive evaluation. It is effective in achieving false alert and irrelevant alerts reduction, which have been proved by our experiments. The algorithm can deal with the uncertainties better than other alert verification approaches. The relevance score vectors obtained from the algorithm facilitate the formulation of fine and flexible security policies, and further alert processing.