2010 Fourth International Conference on Emerging Security Information, Systems and Technologies (2010)
July 18, 2010 to July 25, 2010
Intrusion Detection Systems (IDS) are among the most powerful tools used to secure computing environments. These systems trigger thousands of alerts per day and become a headache for the analyst, who has to assess the severity of each alert and inspect its other fields, such as the IP addresses. This paper investigates the most popular aggregation methods that deal with IDS alerts. In addition, we propose the Threshold Aggregation Framework (TAF) to handle IDS alerts. TAF uses time as the main component for aggregating alerts, and it also supports aggregating alerts without a threshold by setting the threshold value to 0.
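As an illustration of the time-windowed, threshold-based aggregation the abstract describes, here is a small added example; it is not the paper's TAF implementation. The grouping key (signature plus source and destination address), the 60-second window and the sample alerts are assumptions made for this example.

```python
from datetime import datetime, timedelta

# Constructed sample alerts (not from the paper): timestamp, signature, src, dst
ALERTS = [
    ("2010-07-18 10:00:00", "SCAN Nmap",     "10.0.0.5", "10.0.0.9"),
    ("2010-07-18 10:00:05", "SCAN Nmap",     "10.0.0.5", "10.0.0.9"),
    ("2010-07-18 10:00:20", "SCAN Nmap",     "10.0.0.5", "10.0.0.9"),
    ("2010-07-18 10:02:00", "SCAN Nmap",     "10.0.0.5", "10.0.0.9"),  # >60s after the first
    ("2010-07-18 10:00:30", "SQL Injection", "10.0.0.7", "10.0.0.9"),
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")

def aggregate(alerts, window_seconds=60, threshold=3):
    """Group alerts sharing (signature, src, dst) that fall within
    `window_seconds` of the group's first alert. A group is reported only
    if it holds at least `threshold` raw alerts; threshold=0 disables the
    filter so every group is reported (the no-threshold mode the abstract
    mentions). Key fields and window are assumptions, not the paper's."""
    window = timedelta(seconds=window_seconds)
    groups = []        # every group in arrival order
    open_groups = {}   # key -> the group currently accepting alerts
    for ts, sig, src, dst in sorted(alerts, key=lambda a: parse(a[0])):
        t = parse(ts)
        key = (sig, src, dst)
        g = open_groups.get(key)
        if g is None or t - g["start"] > window:
            # Start a new aggregated alert when the window has expired
            g = {"key": key, "start": t, "end": t, "count": 0}
            groups.append(g)
            open_groups[key] = g
        g["count"] += 1
        g["end"] = t
    return [g for g in groups if threshold == 0 or g["count"] >= threshold]

def reduction_ratio(alerts, **kw):
    """Fraction of raw alerts the analyst no longer has to read one by one."""
    return 1 - len(aggregate(alerts, **kw)) / len(alerts)
```

With the sample data, a threshold of 3 reports only the burst of three scan alerts, while a threshold of 0 reports all three groups (including the lone alerts), so nothing is suppressed.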
Computer security; Intrusion Detection System; False Positive Alerts; Redundant Alerts; Alert Aggregation.
S. Ramadass, A. Manasrah, O. Abouabdalla, A. Al-Madi, H. El-Taj and M. I. Sarwar, "Forthcoming Aggregating Intrusion Detection System Alerts Framework," 2010 Fourth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE), Venice, Italy, 2010, pp. 40-44.