Abstract

Most statistical methods do not conform perfectly to real cases of cyber crime. Consequently, when statistical methods are used to analyze intrusion logs in order to present evidentiary values in courts of law, the resulting reports are often refuted as baseless and inadmissible evidence, regardless of the effort spent to generate them and of whether they are well-grounded or not. Complainants are sometimes bewildered and confused because it is almost certain that the prime suspects will be absolved in court. These are tragic developments for computer security experts and for corporate and private organizations that leverage Internet facilities to boost service delivery, business activities and profitability. Thus, this paper presents non-statistical metrics that adopt the Serialization Modelling Method (S2M) to improve the interpretation of intrusion logs. The approach instantiates tokens and serializes alerts triggered by Snort using well-defined values. Experiments illustrate that duplicate tokens, or patterns of alerts that exhibit increased propensity, are indicative of redundant alerts to a certain degree.
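To make the tokenize-serialize-count idea concrete, the following added example (not the paper's S2M implementation, and the token fields chosen are an assumption since the page does not give the paper's serialization values) parses constructed Snort "fast"-format alert lines, builds a token per alert, serializes it to a string and counts duplicates so that repeated patterns can be flagged as candidate redundant alerts; lines that do not parse are counted rather than silently dropped.

```python
import re
from collections import Counter

# Constructed sample Snort fast-format alert lines (not taken from the paper).
# The last line is deliberately malformed to show how unparsable input is handled.
SAMPLE_ALERTS = """\
01/22-10:15:32.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.5:80 -> 10.0.0.3:51234
01/22-10:15:33.001200  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.5:80 -> 10.0.0.3:51236
01/22-10:15:40.500000  [**] [1:1000001:1] LOCAL ssh brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.0.0.9:44122 -> 192.168.1.22:22
01/22-10:15:41.600000  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.5:80 -> 10.0.0.3:51240
this line is not a snort alert
"""

# Regex for one fast-format alert line; Classification/Priority and ports are optional.
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<cls>[^\]]*)\])?"
    r"(?:\s+\[Priority:\s*(?P<pri>\d+)\])?"
    r"\s+\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)


def tokenize(line):
    """Map one alert line to a token tuple; returns None if the line does not parse.
    Timestamp and ports are dropped (assumed token fields) so repeats of the same
    rule between the same hosts collapse onto one token."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    return (m["gid"], m["sid"], m["proto"], m["src"], m["dst"])


def serialize(token):
    """Serialize a token tuple into a stable, hashable string key."""
    return "|".join(token)


def redundancy_report(text, threshold=2):
    """Count serialized tokens; keys seen at least `threshold` times are candidate redundant alerts."""
    counts, unparsed = Counter(), 0
    for line in text.splitlines():
        if not line.strip():
            continue
        tok = tokenize(line)
        if tok is None:
            unparsed += 1          # keep a record instead of silently discarding
            continue
        counts[serialize(tok)] += 1
    redundant = {key: n for key, n in counts.items() if n >= threshold}
    return counts, redundant, unparsed


if __name__ == "__main__":
    counts, redundant, unparsed = redundancy_report(SAMPLE_ALERTS)
    for key, n in redundant.items():
        print(f"{n}x {key}")
    print(f"unparsed lines: {unparsed}")
```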
