Title | ||
---|---|---|
TRINETR: An architecture for collaborative intrusion detection and knowledge-based alert evaluation |
Abstract | ||
---|---|---|
Current reactive and standalone network security products are not capable of withstanding the onslaught of diversified network threats. As a result, a new security paradigm, where integrated security devices or systems collaborate closely to achieve enhanced protection and provide multi-layer defenses is emerging. In this paper, we present the design of a collaborative architecture for multiple intrusion detection systems to work together to detect real-time network intrusions. The detection is made more efficient and effective by using collaborative intelligent agents, relevant knowledge base and combination of multiple detection sensors. The architecture is composed of three parts: Collaborative Alert Aggregation, Knowledge-based Alert Evaluation and Alert Correlation. The architecture is aimed at reducing the alert overload by correlating results from multiple sensors to generate condensed views, reducing false positives by integrating network and host system information into the evaluation process and correlating events based on logical relations to generate global and synthesized alert report. The architecture is designed as a layer above intrusion detection for post-detection alert analysis and security actions. The first two parts of the architecture have been implemented and the implementation results are presented in this paper. |
Year | DOI | Venue |
---|---|---|
2005 | 10.1016/j.aei.2005.05.004 | Advanced Engineering Informatics |
Keywords | Field | DocType |
security action,real-time network intrusion,new security paradigm,cscw,intrusion detection,diversified network threat,multiple detection sensor,knowledge-based alert evaluation,multiple intrusion detection system,collaborative architecture,intelligent agents,alert,network security,integrated security device,collaborative intrusion detection,standalone network security product,false positive,intrusion detection system,intelligent agent,knowledge base,real time | Data mining,Architecture,Host-based intrusion detection system,Intelligent agent,Computer-supported cooperative work,Computer security,Network security,Engineering,Knowledge base,Intrusion detection system,False positive paradox | Journal |
Volume | Issue | ISSN |
19 | 2 | Advanced Engineering Informatics |
Citations | PageRank | References |
25 | 1.20 | 6 |
Authors | ||
6 |
Name | Order | Citations | PageRank |
---|---|---|---|
Jinqiao Yu | 1 | 51 | 6.35 |
Y. V. Ramana Reddy | 2 | 69 | 20.35 |
Sentil Selliah | 3 | 42 | 4.14 |
Sumitra Reddy | 4 | 123 | 28.83 |
Vijayanand Bharadwaj | 5 | 45 | 5.71 |
Srinivas Kankanahalli | 6 | 43 | 4.49 |