Snort 2.0 Intrusion Detection
SnortView: visualization system of snort logs
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
IDS RainStorm: Visualizing IDS Alarms
VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
Filtering False Positives Based on Server-Side Behaviors
IEICE - Transactions on Information and Systems
Alerts visualization and clustering in network-based intrusion detection
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Multistage attack detection system for network administrators using data mining
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Hi-index | 0.00 |
One of the primary challenges in IDS alerts analysis is controlling and archiving the huge amount of alerts that have been triggered mainly in attack periods. We have developed a self-adaptive controlling mechanism which archives the Snort generated alerts in a well-formed abstracted format. An appropriate hashing technique along with a full-automated time-based hierarchical archiving approach has been used to reach this end. The developed system prevents the Snort database size to grow uncontrollably and unexpectedly. Results obtained from experiments and test cases show that especially in critical attack situations the system responds to queries well in a reasonable amount of time. The developed analyzer with new archiving approach is also able to compress the generated alerts effectively and generate statistical reports fast. The developed system is platform independent and can be deployed on mid-range servers and workstations. Also employing it does not require much degree of security expertise.