Using Contextual Information for IDS Alarm Classification (Extended Abstract)

Authors: François Gagnon, Frédéric Massicotte, Babak Esfandiari

DOI: 10.1007/978-3-642-02918-9_9


Abstract: Signature-based intrusion detection systems are known to generate many non-critical alarms (alarms not related to a successful attack). Adding contextual information to IDSes is a promising avenue to identify non-critical alarms. Several approaches using contextual information have been suggested. However, it is not clear what the benefits of each specific approach are. This paper establishes the effectiveness of target configuration (i.e. operating system and applications) as context for identifying non-critical alarms. Moreover, it demonstrates that current tools for OS discovery are not adequate for IDS context gathering.
