Abstract
Online intrusion detection systems play an important role in protecting IT systems. Tools such as Snort and firewalls also detect intrusions. Such intrusion detection systems provide feedback in the form of alerts. However, the number of alerts is large, and security personnel are often overwhelmed by such voluminous messages, which makes it difficult for them to take decisions immediately. They need time to analyze the alerts and reach conclusions about what actions to take. Estimating the security risk and resolving the security problem depend on a quick understanding of the alerts. The bulk of alerts produced by low-level intrusion detection systems makes arriving at decisions time consuming. To overcome this problem, the alerts provided by low-level detection systems can be aggregated programmatically and the summarized alerts given to security personnel, enabling them to draw conclusions quickly and take the required actions. We propose a new technique for online alert aggregation based on a dynamic, probabilistic model. The solution is based on a maximum likelihood approach in a data stream version. The empirical results revealed that the proposed solution is effective and useful.

Index Terms - Online intrusion detection, data streaming, probabilistic model, alert aggregation.
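As an added illustration (not the paper's algorithm, whose model is not given in this abstract), a minimal online aggregator in the spirit described: each meta-alert keeps Laplace-smoothed per-field categorical counts, and every incoming alert is assigned to the meta-alert under which it is most likely, or opens a new meta-alert when the best log-likelihood falls below a threshold. The alert stream, the field set, the field-independence assumption, the vocabulary size, the threshold and the smoothing constant are all constructed assumptions.

```python
import math
from collections import Counter

# Constructed sample alert stream (not from the paper): (src, dst, dport, signature)
ALERTS = [
    ("10.0.0.5", "192.168.1.10", 22, "SSH brute force"),
    ("10.0.0.5", "192.168.1.10", 22, "SSH brute force"),
    ("10.0.0.5", "192.168.1.11", 22, "SSH brute force"),
    ("172.16.3.9", "192.168.1.20", 80, "SQLi attempt"),
    ("10.0.0.5", "192.168.1.12", 22, "SSH brute force"),
    ("172.16.3.9", "192.168.1.20", 80, "SQLi attempt"),
]
NUM_FIELDS = 4  # assumed attribute count per alert


class MetaAlert:
    """One cluster of low-level alerts: per-field categorical counts of its members."""
    def __init__(self):
        self.n = 0
        self.counts = [Counter() for _ in range(NUM_FIELDS)]

    def add(self, alert):
        self.n += 1
        for c, v in zip(self.counts, alert):
            c[v] += 1

    def log_likelihood(self, alert, alpha=0.5, vocab=16):
        # Laplace-smoothed categorical likelihood; fields assumed independent
        return sum(math.log((c[v] + alpha) / (self.n + alpha * vocab))
                   for c, v in zip(self.counts, alert))


def aggregate(alerts, threshold=-10.0):
    """Stream version: one pass, each alert goes to its maximum-likelihood meta-alert."""
    metas, assignment = [], []
    for a in alerts:
        best, best_ll = None, -math.inf
        for i, m in enumerate(metas):
            ll = m.log_likelihood(a)
            if ll > best_ll:
                best, best_ll = i, ll
        if best is None or best_ll < threshold:   # nothing fits: open a new meta-alert
            metas.append(MetaAlert())
            best = len(metas) - 1
        metas[best].add(a)
        assignment.append(best)
    return metas, assignment


def summarize(meta):
    """Summary shown to the analyst: modal value of each field plus the member count."""
    return tuple(c.most_common(1)[0][0] for c in meta.counts) + (meta.n,)
```

With the constructed stream, the six alerts collapse to two meta-alerts, one for the SSH brute-force fan-out and one for the SQL injection attempts.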