2010 Fourth International Conference on Emerging Security Information, Systems and Technologies (2010)
Venice, Italy
July 18, 2010 to July 25, 2010
ISBN: 978-0-7695-4095-5
pp: 40-44
ABSTRACT
Intrusion Detection Systems (IDS) are among the most powerful systems used to secure computer environments. These systems trigger thousands of alerts per day and become a headache for the analyst, who must analyze the severity of the alerts and other fields, such as the IP addresses. This paper investigates the most popular aggregation methods that deal with IDS alerts. In addition, we propose the Threshold Aggregation Framework (TAF) to handle IDS alerts. TAF uses time as the main component for aggregating the alerts, and TAF also supports aggregating alerts without a threshold by setting the threshold value to 0.
INDEX TERMS
Computer security; Intrusion Detection System; False Positive Alerts; Redundant Alerts; Alert Aggregation.
CITATION
Sureswaran Ramadass, Ahmed Manasrah, Omar Abouabdalla, Ahmed Al-Madi, Homam El-Taj, Muhammad Imran Sarwar, "Forthcoming Aggregating Intrusion Detection System Alerts Framework", 2010 Fourth International Conference on Emerging Security Information, Systems and Technologies, vol. 00, pp. 40-44, 2010, doi:10.1109/SECURWARE.2010.14