Managing Alerts in a Multi-Intrusion Detection Environment

New Orleans, Lousiana December 10-December 14

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/ACSAC.2001.991518

17th Annual Computer Security Applica ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by F. Cuppens

	ASCII Text	x
	F. Cuppens, "Managing Alerts in a Multi-Intrusion Detection Environment," Computer Security Applications Conference, Annual, pp. 0022, 17th Annual Computer Security Applications Conference (ACSAC'01), 2001.

	BibTex	x
	@article{ 10.1109/ACSAC.2001.991518, author = {F. Cuppens}, title = {Managing Alerts in a Multi-Intrusion Detection Environment}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2001}, isbn = {0-7695-1405-7}, pages = {0022}, doi = {http://doi.ieeecomputersociety.org/10.1109/ACSAC.2001.991518}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Managing Alerts in a Multi-Intrusion Detection Environment SN - 0-7695-1405-7 SP EP A1 - F. Cuppens, PY - 2001 KW - IDS KW - IDMEF KW - DTD KW - cooperative intrusion detection KW - alert clustering KW - alert merging VL - 0 JA - Computer Security Applications Conference, Annual ER -

F. Cuppens, ONERA Toulouse

There are several approaches for intrusion detection but none of them is fully satisfactory. They generally generate too many false positives and the alerts are too elementary and not enough accurate to be directly managed by a security administrator. A promising approach is to develop a cooperation module to analyze alerts and to generate more global and synthetic alerts. This paper presents the work we did in this context within the MIRADOR project. We suggest specifications for three functions: alert base management, alert clustering and alert merging. The approach is compliant with the IDMEF format currently being defined at the IETF.

Index Terms:

IDS, IDMEF, DTD, cooperative intrusion detection, alert clustering, alert merging

Citation:

F. Cuppens, "Managing Alerts in a Multi-Intrusion Detection Environment," acsac, pp.0022, 17th Annual Computer Security Applications Conference (ACSAC'01), 2001

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.