Traditional Intrusion Detection Systems (IDSs) are known for generating large volumes of alerts despite all the progress made over the last few years. Analysing a huge number of raw alerts from large networks is often time-consuming and labour-intensive because the relevant alerts are usually buried under heaps of irrelevant ones. Vulnerability-based alert management approaches have received considerable attention and appear extremely promising for improving the quality of alerts: they filter out any alert that does not have a corresponding vulnerability, enabling analysts to focus on the important alerts. However, the existing vulnerability-based approaches are still at a preliminary stage, and there are research gaps that need to be addressed. Validating alerts alone does not guarantee alerts of high quality, because the validated alerts may still contain huge volumes of redundant and isolated alerts. The validated alerts also lack the additional information needed to enhance their meaning and semantics. In addition, the use of outdated vulnerability data may lead to poor alert verification. In this paper, we propose a fast and efficient vulnerability-based approach that addresses the above issues. The proposed approach combines several known techniques in a comprehensive alert management framework in order to offer a novel solution. Our approach is effective and yields superior results in terms of improving the quality of alerts.
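The vulnerability-based verification the abstract describes, with the gaps it names handled (redundant alerts collapsed, verified alerts enriched with asset context, and matches against outdated vulnerability data flagged rather than trusted), as an added example that is not the paper's own code; the host addresses, weakness identifiers, inventory format and 30-day freshness limit are constructed assumptions:

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Alert:
    ts: datetime
    src: str
    dst: str
    service: str
    weakness: str  # weakness identifier the IDS signature claims to detect


# Constructed inventory (hypothetical hosts, weakness ids, owners): what each
# host/service is actually vulnerable to and when that was last confirmed by a scan.
INVENTORY = {
    ("10.0.0.5", "http"): {"weakness": "WEAK-A", "scanned": datetime(2024, 3, 1), "owner": "web-team"},
    ("10.0.0.7", "ssh"): {"weakness": "WEAK-B", "scanned": datetime(2023, 1, 1), "owner": "infra"},
}

# Constructed raw alert stream: three repeats of one real hit, one alert whose target
# is not vulnerable to the claimed weakness, and one whose only support is stale data.
T0 = datetime(2024, 3, 10, 12, 0)
RAW_ALERTS = [
    Alert(T0, "198.51.100.9", "10.0.0.5", "http", "WEAK-A"),
    Alert(T0 + timedelta(seconds=2), "198.51.100.9", "10.0.0.5", "http", "WEAK-A"),
    Alert(T0 + timedelta(seconds=5), "198.51.100.9", "10.0.0.5", "http", "WEAK-A"),
    Alert(T0, "198.51.100.9", "10.0.0.5", "http", "WEAK-Z"),  # no such weakness on that host
    Alert(T0, "203.0.113.4", "10.0.0.7", "ssh", "WEAK-B"),  # inventory entry too old to trust
]


def classify(alert, inventory, now, max_age):
    """'verified': target is known vulnerable to the claimed weakness and the data is fresh.
    'stale': the match rests on vulnerability data older than max_age, so it is not trusted.
    'unverified': no corresponding vulnerability, so the alert is filtered out."""
    entry = inventory.get((alert.dst, alert.service))
    if entry is None or entry["weakness"] != alert.weakness:
        return "unverified"
    if now - entry["scanned"] > max_age:
        return "stale"
    return "verified"


def manage_alerts(alerts, inventory, now, max_age=timedelta(days=30)):
    """Verify each alert, collapse redundant verified alerts into one record per
    (src, dst, service, weakness) and attach the asset owner from the inventory."""
    summary = {"verified": {}, "stale": 0, "unverified": 0}
    for a in alerts:
        status = classify(a, inventory, now, max_age)
        if status != "verified":
            summary[status] += 1
            continue
        key = (a.src, a.dst, a.service, a.weakness)
        grp = summary["verified"].setdefault(
            key, {"count": 0, "first": a.ts, "last": a.ts, "owner": inventory[(a.dst, a.service)]["owner"]})
        grp["count"] += 1
        grp["first"], grp["last"] = min(grp["first"], a.ts), max(grp["last"], a.ts)
    return summary
```

Stale matches are counted separately so that an analyst can trigger a rescan instead of either trusting or silently discarding them.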