Alarm Reduction and Correlation in Intrusion Detection Systems
| dc.contributor.author | Burbeck, Kalle | |
| dc.contributor.author | Burschka, Stefan | |
| dc.contributor.author | Chyssler, Tobias | |
| dc.contributor.author | Lingvall, Tomas | |
| dc.contributor.author | Semling, Michael | |
| dc.date.accessioned | 2006-08-16T12:09:19Z | |
| dc.date.available | 2006-08-16T12:09:19Z | |
| dc.date.issued | 2004-07 | |
| dc.description.abstract | Large Critical Complex Infrastructures are increasingly dependent on IP networks. Reliability by redundancy and tolerance are an imperative for such dependable networks. In order to achieve the desired reliability, the detection of faults, misuse, and attacks is essential. This can be achieved by applying methods of intrusion detection. However, in large systems, these methods produce an uncontrollable vast amount of data which overwhelms human operators. This paper studies the role of alarm reduction and correlation in existing networks for building more intelligent safeguards that support and complement the decisions by the operator. We present an architecture that incorporates Intrusion Detection Systems as sensors, and provides quantitatively and qualitatively improved alarms to the human operator. Alarm reduction via static and adaptive filtering, aggregation, and correlation is demonstrated using realistic data from sensors such as Snort, Samhain, and Syslog. | en |
| dc.format.extent | 1996587 bytes | |
| dc.format.mimetype | application/pdf | |
| dc.identifier.citation | Tobias Chyssler, Stefan Burschka, Michael Semling, Tomas Lingvall, Kalle Burbeck: Alarm Reduction and Correlation in Intrusion Detection Systems. In Flegel, U.; Meier, M. (Eds.): Proc. of the International GI Workshop on Detection of Intrusions and Malware & Vulnerability Assessment, number P-46 in Lecture Notes in Informatics, pp. 9-24, Dortmund, Germany, July 2004, Köllen Verlag; ISBN 3-88579-365-X. | de |
| dc.identifier.uri | http://hdl.handle.net/2003/22771 | |
| dc.identifier.uri | http://dx.doi.org/10.17877/DE290R-2012 | |
| dc.language.iso | en | |
| dc.publisher | Gesellschaft für Informatik | de |
| dc.relation.ispartof | DIMVA 2004, July 6-7, Dortmund, Germany | en |
| dc.relation.ispartofseries | Lecture Notes in Informatics;P-46 | en |
| dc.subject | alarm correlation | en |
| dc.subject | alarm reduction | en |
| dc.subject | intrusion detection | en |
| dc.subject.ddc | 004 | |
| dc.title | Alarm Reduction and Correlation in Intrusion Detection Systems | en |
| dc.type | Text | de |
| dc.type.publicationtype | conferenceObject | en |
| dcterms.accessRights | open access |