Context-aware intrusion alerts verification approach

机译：上下文感知入侵警报验证方法

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Intrusion detection systems (IDSs) produce a massive number of intrusion alerts. A huge number of these alerts are false positives. Investigating false positive alerts is an expensive and time consuming process, and as such represents a significant problem for intrusion analysts. This shows the needs for automated approaches to eliminate false positive alerts. In this paper, we propose a novel alert verification and false positives reduction approach. The proposed approach uses context-aware and semantic similarity to filter IDS alerts and eliminate false positives. Evaluation of the approach with an IDS dataset that contains massive number of IDS alerts yields strong performance in detecting false positive alerts.

机译：入侵检测系统（IDS）会产生大量的入侵警报。这些警报中有大量是误报。调查假阳性警报是一个昂贵且耗时的过程，因此对于入侵分析人员而言是一个重大问题。这表明需要采用自动化方法来消除误报。在本文中，我们提出了一种新颖的警报验证和误报减少方法。所提出的方法使用上下文感知和语义相似性来过滤IDS警报并消除误报。使用包含大量IDS警报的IDS数据集对该方法进行评估，可以在检测假阳性警报方面表现出出色的性能。

著录项

来源
《International Conference on Information Assurance and Security》|2014年|53-59|共7页
会议地点
作者
Saad Sherif; Traore Issa; Brocardo Marcelo Luiz;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
Alert Verification; Context-Aware; False Positive; Intrusion Detection; Semantic Similarity;

机译：警报验证;上下文感知;误报;入侵检测;语义相似度;

相似文献

外文文献
中文文献
专利

1. Design of intelligent KNN-based alarm filter using knowledge-based alert verification in intrusion detection [J] . Meng Weizhi, Li Wenjuan, Kwok Lam-For Security and Communications Networks . 2015,第18期

机译：基于知识预警验证的入侵检测智能KNN警报过滤器设计
2. Design of intelligent KNN‐based alarm filter using knowledge‐based alert verification in intrusion detection [J] . Weizhi Meng, Wenjuan Li, Lam‐For Kwok Security and Communication Networks (Online) . 2015,第18期

机译：在入侵检测中使用基于知识的警报验证设计基于KNN的智能警报过滤器
3. An agent-based framework for intrusion detection alert verification and event correlation [J] . Benjamin Uphoff, Johnny S. Wong International Journal of Security and Networks . 2008,第3期

机译：基于代理的入侵检测警报验证和事件关联框架
4. Context-aware intrusion alerts verification approach [C] . Saad Sherif, Traore Issa, Brocardo Marcelo Luiz International Conference on Information Assurance and Security . 2014

机译：背景感知入侵警报验证方法
5. Synthesizing Cyber Intrusion Alerts using Generative Adversarial Networks [D] . Sweet, Christopher R. 2019

机译：使用生成对抗网络合成网络入侵警报
6. Intrusion-Aware Alert Validation Algorithm for Cooperative Distributed Intrusion Detection Schemes of Wireless Sensor Networks [O] . Riaz Ahmed Shaikh, Hassan Jameel, Brian J. d’Auriol, 2009

机译：无线传感器网络协同分布式入侵检测方案的入侵感知警报验证算法
7. A framework for correlation and aggregation of security alerts in communication networks. A reasoning correlation and aggregation approach to detect multi-stage attack scenarios using elementary alerts generated by Network Intrusion Detection Systems (NIDS) for a global security perspective. [O] . Alserhani Faeiz 2011

机译：通信网络中安全警报的关联和聚合框架。一种推理相关和聚合方法，可使用网络入侵检测系统（NIDS）生成的基本警报来检测多阶段攻击情形，以实现全球安全性。
8. Correlating Alerts Using Prerequisites of Intrusions: Towards Reducing False Alerts and Uncovering High Level Attack Strategies [R] . Ning, P. , Reeves, D. S. 2005

机译：使用入侵先决条件关联警报：减少虚假警报并发现高级别攻击策略

Context-aware intrusion alerts verification approach

摘要

著录项

相似文献

相关主题

期刊订阅