TRINETR : An Intrusion Detection Alert Management and Analysis System
| Content Provider | Semantic Scholar |
|---|---|
| Author | Yu, Jinqiao; Reddy, D. Sumitra; Jagannathan, D. Vasudevan |
| Copyright Year | 2004 |
| Abstract | TRINETR: An Intrusion Detection Alert Management and Analysis System, by Jinqiao Yu. An intrusion detection system (IDS) is a software system or hardware device deployed to monitor network and host activities, including data flows and information accesses, in order to capture suspicious activities. In recent years, IDSs have begun to gain wide acceptance as a necessary and worthwhile investment in security. But current IDS products present many flaws, including alert flooding, too many false alerts, and a lack of context awareness and security decision support. Many of these problems severely hinder them from being used more efficiently in practice. To make the use of IDS products more efficient and the generated alerts more accurate, this dissertation work, an intrusion detection alert management and analysis project dubbed TRINETR, has been developed at the Concurrent Engineering Research Center of West Virginia University. A novel alert management and analysis architecture is presented in the project. The architecture is composed of three key parts: (1) Alert Aggregation, (2) Knowledge-based Alert Evaluation and Security Decision Support, and (3) Alert Correlation. The project is aimed at reducing alert overload by aggregating alerts from multiple sensors to generate condensed views, reducing false positive alerts by integrating network and host system information into the alert evaluation process, providing appropriate security solution suggestions regarding the evaluated alerts to facilitate decision making, and correlating intrusion events based on the logical relations among them to generate a global and synthesized alert report. Implementation and testing of a prototype system are also reported in this dissertation, as well as a study of the application of a time series analysis approach to alert correlation. |
| File Format | PDF; HTM / HTML |
| Alternate Webpage(s) | http://siplab.csee.wvu.edu/research/TRINETR/Dissertation.pdf |
| Language | English |
| Access Restriction | Open |
| Subject Keyword | Alert correlation; Context awareness; Decision making; Decision support system; Intrusion detection system; Logical relations; Prototype; Sensor; Software system; System information; Time series analysis |
| Content Type | Text |
| Resource Type | Article |