Towards Implementing Intrusion Alert Quality Framework

Besan?on, France February 06-February 09

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/DFMA.2005.49

First International Conference on Dis ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Najwa A. Bakar Articles by Bahari Belaton

	ASCII Text	x
	Najwa A. Bakar, Bahari Belaton, "Towards Implementing Intrusion Alert Quality Framework," Distributed Frameworks for Multimedia Applications, International Conference on, pp. 198-205, First International Conference on Distributed Frameworks for Multimedia Applications (DFMA'05), 2005.

	BibTex	x
	@article{ 10.1109/DFMA.2005.49, author = {Najwa A. Bakar and Bahari Belaton}, title = {Towards Implementing Intrusion Alert Quality Framework}, journal ={Distributed Frameworks for Multimedia Applications, International Conference on}, volume = {0}, year = {2005}, isbn = {0-7695-2273-4}, pages = {198-205}, doi = {http://doi.ieeecomputersociety.org/10.1109/DFMA.2005.49}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Distributed Frameworks for Multimedia Applications, International Conference on TI - Towards Implementing Intrusion Alert Quality Framework SN - 0-7695-2273-4 SP198 EP205 A1 - Najwa A. Bakar, A1 - Bahari Belaton, PY - 2005 KW - null VL - 0 JA - Distributed Frameworks for Multimedia Applications, International Conference on ER -

Najwa A. Bakar, University Sains Malaysia, Penang

Bahari Belaton, University Sains Malaysia, Penang

Security alerts high-level reasoning efforts such as alert filtering and intrusion alert correlation are initiatives to solve security data flooding and high false positive alert rates. These efforts decrease the volume of the security data, marginally reduce the false positive rate, and improve the attack-detection rate. Although the results of these efforts have been encouraging, there are still weaknesses partly due to data quality problems. This paper works on the premise that a quality input data should in theory help in producing good results. Thus, the aim of this paper is to propose an intrusion alert quality framework that addresses alert preparation stage for high-level reasoning by enriching and enhancing the alerts with quality parameters, and then encoding these enriched alerts in the IDMEF format. In this format, the enriched alerts are readily usable by high-level reasoning operations.

Citation:

Najwa A. Bakar, Bahari Belaton, "Towards Implementing Intrusion Alert Quality Framework," dfma, pp.198-205, First International Conference on Distributed Frameworks for Multimedia Applications (DFMA'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.