Intrusion Detection Systems (IDSs) play very crucial role in minimizing the damage caused by different computer attacks. In fact, most IDSs are capable of detecting many attacks, but often appear problematic because of triggering huge number of non-interesting alerts which diminish the value and urgency of interesting alerts. The analysts who review the alerts rarely look at the voluminous alerts until a sign is reported by other security means because it is laborious and challenging task to identify the interesting alerts. This has led to the emergence of many approaches to manage the overwhelming number of alerts. The existing approaches suffer from several limitations. This paper conducts a comprehensive study and evaluation of the key approaches that aim to manage the huge number of alerts in order to identify some research gaps that will objectively motivate researchers to come up with better approaches. At the end of the review, this paper suggests a strategy that can be exploited in order to improve the quality of final alerts.
목차
Abstract 1. Introduction 2. Alert Management Concepts 2.1. Struct and Natures Alerts 3. Existing Works 3.1. Alert Classification 3.2. Alert Correlation 3.3. Knowledge Base Alert Filtering 3.4. Challenging Issues and Recommendations 4. Proposed Strategy 4.1. Alert Verification Module 4.2. Alert Classification Module 4.3. Alert Aggregator Module 4.4. Evaluation of the Proposed Solution 5. Conclusion Acknowledgements References
키워드
Intrusion detection systemsAlert classificationAlert correlationKnowledge based alert filtering
저자
Tu Hoang Nguyen [ College of Information Science and Engineering, Hunan University, Changsha , 410082, P.R. China, Centre for Informatics and Foreign Language, Hanoi University of Industry, Hanoi, Vietnam ]
JiaWei Luo [ College of Information Science and Engineering, Hunan University, Changsha , 410082, P.R. China ]
Humphrey Waita Njogu [ Kenya Institute for Public Policy Research and Analysis (KIPPRA), Nairobi, Kenya ]
보안공학연구지원센터(IJSIA) [Science & Engineering Research Support Center, Republic of Korea(IJSIA)]
설립연도
2006
분야
공학>컴퓨터학
소개
1. 보안공학에 대한 각종 조사 및 연구
2. 보안공학에 대한 응용기술 연구 및 발표
3. 보안공학에 관한 각종 학술 발표회 및 전시회 개최
4. 보안공학 기술의 상호 협조 및 정보교환
5. 보안공학에 관한 표준화 사업 및 규격의 제정
6. 보안공학에 관한 산학연 협동의 증진
7. 국제적 학술 교류 및 기술 협력
8. 보안공학에 관한 논문지 발간
9. 기타 본 회 목적 달성에 필요한 사업
간행물
간행물명
International Journal of Security and Its Applications
간기
격월간
pISSN
1738-9976
수록기간
2008~2016
등재여부
SCOPUS
십진분류
KDC 505DDC 605
이 권호 내 다른 논문 / International Journal of Security and Its Applications Vol.8 No.3