Alarm Reduction and Correlation in Intrusion Detection Systems
Publisher
Gesellschaft für Informatik
Abstract
Large critical complex infrastructures are increasingly dependent on IP networks. Reliability through redundancy and fault tolerance is an imperative for such dependable networks. To achieve the desired reliability, the detection of faults, misuse, and attacks is essential, and this can be achieved by applying methods of intrusion detection. However, in large systems these methods produce a vast, uncontrollable amount of data that overwhelms human operators. This paper studies the role of alarm reduction and correlation in existing networks for building more intelligent safeguards that support and complement the decisions of the operator. We present an architecture that incorporates intrusion detection systems as sensors and provides quantitatively and qualitatively improved alarms to the human operator. Alarm reduction via static and adaptive filtering, aggregation, and correlation is demonstrated using realistic data from sensors such as Snort, Samhain, and Syslog.
Keywords
alarm correlation, alarm reduction, intrusion detection
Citation
Tobias Chyssler, Stefan Burschka, Michael Semling, Tomas Lingvall, Kalle Burbeck: Alarm Reduction and Correlation in Intrusion Detection Systems. In Flegel, U.; Meier, M. (Eds.): Proc. of the International GI Workshop on Detection of Intrusions and Malware & Vulnerability Assessment, number P-46 in Lecture Notes in Informatics, pp. 9-24, Dortmund, Germany, July 2004, Köllen Verlag; ISBN 3-88579-365-X.
