Journal: International Journal of Computer Science & Technology
Print ISSN: 2229-4333
Electronic ISSN: 0976-8491
Year of publication: 2013
Volume: 4
Issue: 2
Pages: 621-623
Language: English
Publisher: Ayushmaan Technologies
Abstract: A single intrusive attack instance can spread over many network connections or log file entries and may create thousands of alarms for the same attack instance. At present, most Intrusion Detection Systems are quite reliable in detecting suspicious actions by evaluating TCP/IP connections or log files. Once an Intrusion Detection System finds a suspicious event, it immediately generates an alarm containing information about the source, the target, and the type of the attack (SQL injection or buffer overflow). IDSs usually focus on detecting attack types, not on differentiating attack instances. Even low rates of false alerts can easily result in a high total number of false alerts. Alert aggregation can therefore be a main subtask of an intrusion detection system, with the goal of identifying and clustering the different alerts originating from low-level IDSs, such as firewalls (FW). Alarms that belong to one attack instance must be clustered together, and meta-alerts must be generated for these clusters. Here, we suggest a unique technique for alert accumulation and aggregation on a network which is based on a dynamic as well as probabilistic model of the current attack situation.