Title
An effective method for analyzing intrusion situation through IP-Based classification
Abstract
Due to false alerts or mass alerts from current intrusion detection systems, system administrators have difficulty analyzing an intrusion in real time. To solve this problem, analysis of the intrusion situation or correlation has been studied. However, the existing situation analysis method groups by the similarity of measures, which makes it hard to respond appropriately to an elaborate attack. Also, the result of the method is so abstract that the raw information before reduction must be analyzed to understand the intrusion. In this paper, we reduce the number of alerts using aggregation and correlation, and classify the alerts by IP addresses and attack types. Through this method, our tool can find a cunningly cloaked attack flow as well as the general attack situation, and these are visualized, so an administrator can easily understand the correct attack flow.
Year: 2005
DOI: 10.1007/11424826_24
Venue: ICCSA
Keywords: ip-based classification, existing situation analysis method, effective method, intrusion situation, correct attack flow, ip address, cunningly cloaked attack flow, attack type, elaborate attack, real-time analysis, current intrusion detection system, general attack situation, intrusion detection system, real time
Field: Similitude, Internet Protocol, Data mining, Attack model, Intrusion, Effective method, Computer security, Computer science, Situation analysis, Intrusion prevention system, Intrusion detection system
DocType: Conference
Volume: 3481
ISSN: 0302-9743
ISBN: 3-540-25861-2
Citations: 0
PageRank: 0.34
References: 5
Authors: 7
Name
Order
Citations
PageRank
Min-Soo Kim143751.12
Jae-Hyun Seo2456.55
Seungyong Lee32130157.29
Bong-Nam Noh46814.75
Jungtaek Seo54916.34
Eung-Ki Park663.62
Choon-Sik Park742776.64