Abstract
With the increase in the variety of devices connected to the Internet, each with their own vulnerabilities, we are currently observing an explosion of cyber attacks patterns. Furthermore, the overwhelming number of alerts from security sensors, such as intrusion detection systems (IDSs), makes it impossible to take appropriate countermeasures against attacks. A method to prioritize IDS alerts is therefore required for the next generation of security operation centers (SOCs). To this end, we have developed an IDS alert priority determination method that combines IDS alert information with traffic behavior and uses the difference in the distribution of traffic behavior to determine the priority of the alerts. We performed experiments with 2 million IDS alerts and 20 billion traffic flows in a real large-scale environment over two months and found that our method could identify 553 IDS alerts out of 2 million as high priority, which is a small enough number for SOC analysts to investigate them in detail.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
