Processing Intrusion Detection Alerts in Large-scale Network

I
ISECS
2008
2008 International Symposium on Electronic Commerce and Security
Abstract - Processing Intrusion Detection Alerts in Large-scale Network

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Dong Li Articles by Zhitang Li Articles by Jie Ma

2008 International Symposium on Electronic Commerce and Security

August 03-August 05

ISBN: 978-0-7695-3258-5

	ASCII Text	x
	Dong Li, Zhitang Li, Jie Ma, "Processing Intrusion Detection Alerts in Large-scale Network," Electronic Commerce and Security, International Symposium, pp. 545-548, 2008 International Symposium on Electronic Commerce and Security, 2008.

	BibTex	x
	@article{ 10.1109/ISECS.2008.218, author = {Dong Li and Zhitang Li and Jie Ma}, title = {Processing Intrusion Detection Alerts in Large-scale Network}, journal ={Electronic Commerce and Security, International Symposium}, volume = {0}, year = {2008}, isbn = {978-0-7695-3258-5}, pages = {545-548}, doi = {http://doi.ieeecomputersociety.org/10.1109/ISECS.2008.218}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Electronic Commerce and Security, International Symposium TI - Processing Intrusion Detection Alerts in Large-scale Network SN - 978-0-7695-3258-5 SP545 EP548 A1 - Dong Li, A1 - Zhitang Li, A1 - Jie Ma, PY - 2008 KW - Intrusion detection KW - large-scale network VL - 0 JA - Electronic Commerce and Security, International Symposium ER -

Dong Li

Zhitang Li

Jie Ma

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ISECS.2008.218

Intrusion detection system will produce large numbers of alerts, most of which are fasle positives. This paper wants to associate multiple intrusion detection systems in large-scale network to reduce overwhelming false alerts and discover real security events in real time. For processing these alerts, two algrithms named REDUCE and CLUSTER will be developed in this paper, which can remove false alerts with a remarkable periodicity and can cluster multiple homogeneous alerts into one respectively. Experiment shows that over 90% of raw alerts will be filtered and less than 1% of the quantity will remain for analyst to process thoroughly.

Index Terms:

Intrusion detection, large-scale network

Citation:

Dong Li, Zhitang Li, Jie Ma, "Processing Intrusion Detection Alerts in Large-scale Network," isecs, pp.545-548, 2008 International Symposium on Electronic Commerce and Security, 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.