Towards Implementing Intrusion Alert Quality Framework
First International Conference on Distributed Frameworks for Multimedia Applications (DFMA'05), Besançon, France, February 06-February 09, 2005. ISBN: 0-7695-2273-4
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/DFMA.2005.49
High-level reasoning over security alerts, such as alert filtering and intrusion alert correlation, is an effort to address security data flooding and high false-positive alert rates. These techniques decrease the volume of security data, marginally reduce the false-positive rate, and improve the attack-detection rate. Although their results have been encouraging, weaknesses remain, partly because of quality problems in the alert data they consume. This paper works on the premise that good-quality input data should, in theory, help produce good results. Its aim is therefore to propose an intrusion alert quality framework that addresses the alert-preparation stage for high-level reasoning: the alerts are enriched and enhanced with quality parameters, and the enriched alerts are then encoded in the IDMEF format, in which they are readily usable by high-level reasoning operations.
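The abstract does not say which quality parameters the framework attaches or how it lays them out in IDMEF. The following is an added example, not the paper's code: it enriches two constructed raw alerts with three illustrative parameters (field completeness, timeliness relative to a 10-minute delay budget, and an operator-assigned sensor reliability, all assumptions), carries them in IDMEF `AdditionalData` elements keyed by a `quality.` prefix (our convention), and reads them back the way a downstream filter or correlator would. The IDMEF layout follows RFC 4765, which was published in 2007, after this paper, so the authors' encoding may differ in detail.

```python
"""Enrich raw IDS alerts with quality parameters and emit them as IDMEF.

Added example, not the paper's own code. The quality parameters and the
way they are combined are assumptions; the IDMEF layout follows RFC 4765
and carries the parameters in AdditionalData elements.
"""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

IDMEF_NS = "http://iana.org/idmef"
NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 and 1970-01-01

# Constructed sample input (not real sensor data). The second alert lacks a
# target and arrived from a less trusted sensor with a stale clock.
RAW_ALERTS = [
    {"id": "a1", "sensor": "snort-dmz", "sensor_time": "2005-02-06T10:00:00Z",
     "received": "2005-02-06T10:00:02Z", "src": "192.0.2.10",
     "dst": "198.51.100.5", "dport": 80,
     "signature": "WEB-ATTACKS /etc/passwd access"},
    {"id": "a2", "sensor": "legacy-sensor", "sensor_time": "2005-02-06T09:50:00Z",
     "received": "2005-02-06T10:00:05Z", "src": "192.0.2.77",
     "dst": None, "dport": None, "signature": "ICMP PING"},
]

# Assumed per-sensor reliability in [0, 1]; an operator would derive this
# from each sensor's historical false-positive rate.
SENSOR_RELIABILITY = {"snort-dmz": 0.9, "legacy-sensor": 0.4}
REQUIRED_FIELDS = ("src", "dst", "dport", "signature", "sensor_time")
MAX_DELAY_SECONDS = 600.0  # assumed: timeliness reaches 0 at a 10-minute delay


def _parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def enrich_alert(raw):
    """Return a copy of the raw alert with a 'quality' dict attached."""
    present = sum(1 for f in REQUIRED_FIELDS if raw.get(f) is not None)
    completeness = present / len(REQUIRED_FIELDS)
    delay = (_parse_ts(raw["received"]) - _parse_ts(raw["sensor_time"])).total_seconds()
    # A negative delay means the sensor clock runs ahead of the collector;
    # treat it as the worst case rather than rewarding it.
    timeliness = 0.0 if delay < 0 else max(0.0, 1.0 - delay / MAX_DELAY_SECONDS)
    reliability = SENSOR_RELIABILITY.get(raw["sensor"], 0.5)  # unknown sensor: neutral
    quality = {
        "completeness": round(completeness, 3),
        "timeliness": round(timeliness, 3),
        "sensor_reliability": reliability,
        "delay_seconds": delay,
        # Product, so one poor dimension pulls the overall score down.
        "overall": round(completeness * timeliness * reliability, 3),
    }
    return {**raw, "quality": quality}


def _ntpstamp(ts):
    """IDMEF ntpstamp: hex seconds since 1900 plus hex fraction (RFC 4765 3.2.6)."""
    secs = int(_parse_ts(ts).timestamp()) + NTP_EPOCH_OFFSET
    return f"0x{secs:08x}.0x00000000"


def to_idmef(alert):
    """Encode an enriched alert as an IDMEF-Message."""
    root = ET.Element("IDMEF-Message", {"version": "1.0", "xmlns": IDMEF_NS})
    a = ET.SubElement(root, "Alert", {"messageid": alert["id"]})
    ET.SubElement(a, "Analyzer", {"analyzerid": alert["sensor"]})
    ct = ET.SubElement(a, "CreateTime", {"ntpstamp": _ntpstamp(alert["sensor_time"])})
    ct.text = alert["sensor_time"]
    node = ET.SubElement(ET.SubElement(a, "Source"), "Node")
    addr = ET.SubElement(node, "Address", {"category": "ipv4-addr"})
    ET.SubElement(addr, "address").text = alert["src"]
    if alert.get("dst") is not None:  # Target is optional; omit rather than emit an empty one
        target = ET.SubElement(a, "Target")
        addr = ET.SubElement(ET.SubElement(target, "Node"), "Address", {"category": "ipv4-addr"})
        ET.SubElement(addr, "address").text = alert["dst"]
        if alert.get("dport") is not None:
            ET.SubElement(ET.SubElement(target, "Service"), "port").text = str(alert["dport"])
    ET.SubElement(a, "Classification", {"text": alert["signature"]})
    # AdditionalData is IDMEF's extension point: a typed value plus a 'meaning'
    # label the consumer can key on. The 'quality.' prefix is our convention.
    for name, value in alert["quality"].items():
        ad = ET.SubElement(a, "AdditionalData", {"type": "real", "meaning": f"quality.{name}"})
        ET.SubElement(ad, "real").text = repr(float(value))
    return ET.tostring(root, encoding="unicode")


def read_quality(idmef_xml):
    """Recover the quality parameters from an IDMEF message, as a consumer would."""
    root = ET.fromstring(idmef_xml)
    out = {}
    for ad in root.iter(f"{{{IDMEF_NS}}}AdditionalData"):
        meaning = ad.get("meaning", "")
        if meaning.startswith("quality."):
            out[meaning.split(".", 1)[1]] = float(ad.find(f"{{{IDMEF_NS}}}real").text)
    return out


def passes_quality_gate(idmef_xml, threshold=0.5):
    """Example downstream use: drop low-quality alerts before filtering/correlation."""
    return read_quality(idmef_xml).get("overall", 0.0) >= threshold


if __name__ == "__main__":
    for raw in RAW_ALERTS:
        xml = to_idmef(enrich_alert(raw))
        print(xml)
        print("passes gate:", passes_quality_gate(xml))
```

The parameters travel inside the standard message rather than in a side channel, so any IDMEF-aware consumer can ignore them, and one that knows the `quality.` convention can use them, for instance to gate correlation on `quality.overall` as `passes_quality_gate` does. The incomplete, late alert from the untrusted sensor scores 0.0 and is dropped; the complete, prompt one scores 0.897 and passes.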
Citation:
Najwa A. Bakar, Bahari Belaton, "Towards Implementing Intrusion Alert Quality Framework," dfma, pp. 198-205, First International Conference on Distributed Frameworks for Multimedia Applications (DFMA'05), 2005.