Abstract |
---|
The main objective of an Intrusion Detection System (IDS) is to analyze system and network activity in order to detect unauthorized access and/or malicious activity. IDSs protect a system or network from attack, misuse and compromise; they can also monitor network activity, check system and network configurations against known vulnerabilities, and more. Having detected abnormal activity, an IDS raises alerts to report it, and these alerts are presented to the security analyst. In practice, IDSs generate a large number of alerts per day, many of them false alerts (i.e., false positives), which makes it very difficult for the analyst to correctly identify the alerts that correspond to actual attacks. In this paper, we review the existing approaches to intrusion risk assessment and alert prioritization and propose a new model whose objective is to determine the criticality of given events for the security status of a network. Most existing approaches are limited to manual risk assessment, which is not suitable for real-time use. In our approach, we evaluate the risk of an alert as a composition of certain parameters of each alert; we also evaluate the risk of a cluster of alerts (i.e., a meta-alert). We then integrate the risk assessment model with our previous work, apply the results to prioritize the alerts produced by the IDS, and generate alarms when the risk is high. |
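The abstract describes three steps: scoring each alert from its own parameters, scoring a cluster of alerts (a meta-alert) as a whole, and ranking the result so that only high-risk items raise an alarm. The Python below is an added illustration written for this page, not the authors' model or code. Everything specific in it is an assumption made here: the single-alert composition (a normalised product of priority, severity and reliability, in the style of the OSSIM risk formula), the noisy-OR aggregation for meta-alerts, the clustering key (signature, source, destination), the 0.5 alarm threshold, and the five constructed sample alerts.

```python
"""Illustrative IDS alert risk scoring and prioritisation (added example, not the paper's model)."""
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample alerts in a Snort/OSSIM-like shape (not taken from the paper).
# Field semantics assumed here:
#   priority    1-5  analyst-assigned importance of the signature
#   severity    1-5  potential impact on the target
#   reliability 0-10 confidence that the alert is a true positive
SAMPLE_ALERTS: List[dict] = [
    {"id": 1, "sig": "ET SCAN Nmap", "src": "10.0.0.5", "dst": "10.0.0.20", "priority": 2, "severity": 2, "reliability": 8},
    {"id": 2, "sig": "ET SCAN Nmap", "src": "10.0.0.5", "dst": "10.0.0.20", "priority": 2, "severity": 2, "reliability": 8},
    {"id": 3, "sig": "ET SCAN Nmap", "src": "10.0.0.5", "dst": "10.0.0.20", "priority": 2, "severity": 2, "reliability": 8},
    {"id": 4, "sig": "ET WEB_SERVER SQLi", "src": "198.51.100.7", "dst": "10.0.0.20", "priority": 4, "severity": 5, "reliability": 7},
    {"id": 5, "sig": "ET POLICY ICMP ping", "src": "10.0.0.9", "dst": "10.0.0.20", "priority": 1, "severity": 1, "reliability": 3},
]

MAX_PRIORITY, MAX_SEVERITY, MAX_RELIABILITY = 5, 5, 10
ALARM_THRESHOLD = 0.5  # assumed cut-off; tune per environment

MetaKey = Tuple[str, str, str]  # (signature, src, dst)


def alert_risk(alert: dict) -> float:
    """Risk of a single alert in [0, 1].

    Assumed composition (OSSIM-style product, normalised): an alert is only
    risky if it is important, impactful *and* likely to be genuine, so a low
    reliability score pulls a high-severity false positive down the list.
    """
    for key, maximum in (("priority", MAX_PRIORITY), ("severity", MAX_SEVERITY), ("reliability", MAX_RELIABILITY)):
        if not 0 <= alert[key] <= maximum:
            raise ValueError(f"{key}={alert[key]} outside 0..{maximum}")
    return (alert["priority"] * alert["severity"] * alert["reliability"]) / (MAX_PRIORITY * MAX_SEVERITY * MAX_RELIABILITY)


def cluster_alerts(alerts: List[dict]) -> Dict[MetaKey, List[dict]]:
    """Group raw alerts into meta-alerts keyed by (signature, src, dst)."""
    clusters: Dict[MetaKey, List[dict]] = defaultdict(list)
    for a in alerts:
        clusters[(a["sig"], a["src"], a["dst"])].append(a)
    return dict(clusters)


def meta_alert_risk(cluster: List[dict]) -> float:
    """Risk of a meta-alert.

    Assumed aggregation: noisy-OR over member risks, 1 - prod(1 - r_i), so
    repeated low-risk alerts (e.g. a scan) raise the cluster risk without ever
    exceeding 1, while a single high-risk alert dominates its cluster.
    """
    survival = 1.0
    for a in cluster:
        survival *= 1.0 - alert_risk(a)
    return 1.0 - survival


def prioritise(alerts: List[dict], threshold: float = ALARM_THRESHOLD) -> List[dict]:
    """Return meta-alerts sorted by descending risk, flagging those that alarm."""
    ranked = []
    for key, members in cluster_alerts(alerts).items():
        r = meta_alert_risk(members)
        ranked.append({"sig": key[0], "src": key[1], "dst": key[2],
                       "count": len(members), "risk": round(r, 4), "alarm": r >= threshold})
    ranked.sort(key=lambda m: m["risk"], reverse=True)
    return ranked


if __name__ == "__main__":
    for m in prioritise(SAMPLE_ALERTS):
        flag = "ALARM" if m["alarm"] else "     "
        print(f"{flag} risk={m['risk']:.3f} n={m['count']:<2} {m['sig']} {m['src']} -> {m['dst']}")
```

With the constructed input the single SQL-injection alert ranks first and is the only alarm, the three identical Nmap alerts collapse into one meta-alert whose risk rises with the repeat count but stays below the threshold, and the low-reliability ICMP alert sinks to the bottom. The reliability term is what carries the false-positive reduction the abstract is concerned with: the same signature with reliability 1 instead of 8 would score an order of magnitude lower.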
Year | DOI | Venue
---|---|---
2017 | 10.1007/978-3-319-68179-5_56 | Ubiquitous Networking, UNET 2017

Keywords | DocType | Volume
---|---|---
Intrusion detection, Risk assessment, Pattern matching, False positive, Priority, Severity, Events, Alerts, Reliability, KDD Cup 99 | Conference | 10542

ISSN | Citations | PageRank
---|---|---
0302-9743 | 0 | 0.34

References | Authors
---|---
0 | 3
Name | Order | Citations | PageRank |
---|---|---|---|
El Mostapha Chakir | 1 | 0 | 0.34 |
Mohamed Moughit | 2 | 0 | 0.68 |
Youness Idrissi Khamlichi | 3 | 0 | 0.34 |