Managing Alerts in a Multi-Intrusion Detection Environment

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by F. Cuppens

17th Annual Computer Security Applications Conference (ACSAC'01)

New Orleans, Lousiana

December 10-December 14

ISBN: 0-7695-1405-7

	ASCII Text	x
	F. Cuppens, "Managing Alerts in a Multi-Intrusion Detection Environment," Computer Security Applications Conference, Annual, pp. 0022, 17th Annual Computer Security Applications Conference (ACSAC'01), 2001.

	BibTex	x
	@article{ 10.1109/ACSAC.2001.991518, author = {F. Cuppens}, title = {Managing Alerts in a Multi-Intrusion Detection Environment}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2001}, isbn = {0-7695-1405-7}, pages = {0022}, doi = {http://doi.ieeecomputersociety.org/10.1109/ACSAC.2001.991518}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Managing Alerts in a Multi-Intrusion Detection Environment SN - 0-7695-1405-7 SP EP A1 - F. Cuppens, PY - 2001 KW - IDS KW - IDMEF KW - DTD KW - cooperative intrusion detection KW - alert clustering KW - alert merging VL - 0 JA - Computer Security Applications Conference, Annual ER -

F. Cuppens, ONERA Toulouse

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ACSAC.2001.991518

There are several approaches for intrusion detection but none of them is fully satisfactory. They generally generate too many false positives and the alerts are too elementary and not enough accurate to be directly managed by a security administrator. A promising approach is to develop a cooperation module to analyze alerts and to generate more global and synthetic alerts. This paper presents the work we did in this context within the MIRADOR project. We suggest specifications for three functions: alert base management, alert clustering and alert merging. The approach is compliant with the IDMEF format currently being defined at the IETF.

Index Terms:

IDS, IDMEF, DTD, cooperative intrusion detection, alert clustering, alert merging

Citation:

F. Cuppens, "Managing Alerts in a Multi-Intrusion Detection Environment," acsac, pp.0022, 17th Annual Computer Security Applications Conference (ACSAC'01), 2001

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.