Using Alert Cluster to reduce IDS Alerts

机译：使用警报群集减少IDS警报

获取原文

获取外文期刊封面目录资料

页面导航

摘要
著录项
引文网络
相似文献
相关主题

摘要

Intrusion Detection Systems (IDSs) are known to produce huge volumes of alerts. The interesting alerts are always mixed with irrelevant, duplicate and non interesting alerts. Huge volumes or poorly sorted and unclustered alerts frustrate the efforts of analysts when identifying the interesting alerts. Therefore, the unmanageable amount of poorly sorted alerts is a critical issue affecting the performance of IDSs. This paper proposes a better mechanism to compute the similarities of the verified alerts using the distance among the new alert features. Our approach uses the both clustering technique and Supporting Evidence (Vulnerability data) to build a robust Alert Cluster. Our goal was to reduce the unnecessary alert load and improve the quality of alerts sent to the analysts. We can confidently state that our approach significantly reduced the unnecessary alert loads and improved the quality of alerts.

机译：众所周知，入侵检测系统（IDS）会产生大量警报。有趣的警报总是与无关，重复和不有趣的警报混合在一起。数量庞大或分类不正确的警报不合理，使分析师在确定有趣警报时的工作受挫。因此，无法管理的数量不正确的警报是影响IDS性能的关键问题。本文提出了一种更好的机制，可以使用新警报特征之间的距离来计算已验证警报的相似性。我们的方法同时使用了聚类技术和支持证据（漏洞数据）来构建可靠的警报聚类。我们的目标是减少不必要的警报负载并提高发送给分析人员的警报的质量。我们可以自信地说，我们的方法大大减少了不必要的警报负载并提高了警报质量。

著录项

来源
《2010 3rd IEEE international conference on computer science and information technology.;vol. 8.》|2010年|p.467-471|共5页
会议地点 Chengdu(CN);Chengdu(CN)
作者
Humphrey Waita Njogu; Luo Jiawei;
展开▼
作者单位

School of Computer and Communication Hunan University,China;

School of Computer and Communication Hunan University,China;

展开▼
会议组织
原文格式 PDF
正文语种
中图分类计算技术、计算机技术;计算技术、计算机技术;计算技术、计算机技术;
关键词
Alert Clustering; Supporting Evidence; Vulnerability data; Alert Reduction; Data Mining.;

机译：警报群集；支持证据;漏洞数据;减少警报；数据挖掘。;

相似文献

外文文献
中文文献
专利

1. Technologic Distractions (Part 1): Summary of Approaches to Manage Alert Quantity With Intent to Reduce Alert Fatigue and Suggestions for Alert Fatigue Metrics [J] . Kane-Gill Sandra L., OConnor Michael F., Rothschild Jeffrey M., Critical care medicine . 2017,第9期

机译：技术干扰（第1部分）：管理警报数量的方法摘要，意图减少警报疲劳和警报疲劳度量的建议
2. Lower alert rates by thematic clustering of associated drug interaction alerts [J] . Heringa M., Siderius H., Floor-Schreudering A., International journal of clinical pharmacy. . 2016,第2期

机译：通过相关药物相互作用警报的主题聚类降低警报率
3. Once-Per-Visit Alerts: A Means to Study Alert Compliance and Reduce Repeat Laboratory Testing [J] . Szymanski Jeffrey J., Qavi Abraham J., Laux Kari, Clinical Chemistry: Journal of the American Association for Clinical Chemists . 2019,第9期

机译：每次访问警报：一种研究警报合规性并减少重复实验室测试的方法
4. Using Alert Cluster to reduce IDS Alerts [C] . Humphrey Waita Njogu, Luo Jiawei IEEE International Conference on Computer Science and Information Technology . 2010

机译：使用警报群集减少IDS警报
5. Alert Driven Rescue: Do In-hospital Sepsis Interventions Following an Advanced Early Warning System Alert Differ Substantially Between Decedents and Survivors? [D] . Linnen, Daniel T. 2018

机译：警报驱动的救援：高级预警系统警报后的院内败血症干预在后代和幸存者之间是否有实质性区别？
6. Lower alert rates by clustering of related drug interaction alerts [O] . Mette Heringa, Hidde Siderius, Annemieke Floor-Schreudering, 2017

机译：通过群集相关药物互动警报来降低警报率
7. Table 2: Comparison of alert response rate and median time to alert acknowledgement between the severe sepsis alert system through AWARE and simulated severe sepsis alerts through traditional text paging. [O] . -1

机译：表2：通过传统文本分页通过传统文本分页，通过意识到和模拟严重的SEPSIS警报来警告严重SEPSIS警报系统的警报响应率和中位时间的比较。
8. Sleep and Alertness Management I: Pharmacokinetics of Hypnotics and Alertness Enhancers in Marmoset Monkeys (slaap- en alertheidsmanagement I: farmacokinetiek van slaap- en alertheidsverhogendemiddelen in marmosetapen) [R] . 2006

机译：睡眠和警觉性管理I：mar猴的催眠药和警觉性增强剂的药代动力学（slaap-en alertheidsmanagement I：marmosetapen中的farmacokinetiek van slaap- en alertheidsverhogendemiddelen）

Using Alert Cluster to reduce IDS Alerts

摘要

著录项

引文网络

相似文献

相关主题

期刊订阅