Research on alert correlation method based on alert confidence in multi-IDS environment
To overcome the shortcoming of current alert correlation methods which didn’t consider the confidence of IDS,an alert correlation method based on alerts confidence using the evidence theory was presented.Each alert was regarded as a piece of evidence of a network attack.Then multiple pieces of evide...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2011-01-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/74419639/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841537124507058176 |
|---|---|
| author | MEI Hai-bin GONG Jian |
| author_facet | MEI Hai-bin GONG Jian |
| author_sort | MEI Hai-bin |
| collection | DOAJ |
| description | To overcome the shortcoming of current alert correlation methods which didn’t consider the confidence of IDS,an alert correlation method based on alerts confidence using the evidence theory was presented.Each alert was regarded as a piece of evidence of a network attack.Then multiple pieces of evidence were combined by the Dempster’s combina-tion rule,and used to infer whether the attack corresponding to the alerts took place.As a result,the ambiguity and con-fliction in alerts were eliminated,achieving the goal of improving alerts quality.Experimental results on the DARPA 2000 IDS test dataset show that the proposed method can efficiently decrease the false alert rate and reduce more than 60% of the alerts. |
| format | Article |
| id | doaj-art-a644b501606e4f0daa0063ccdba2a204 |
| institution | Kabale University |
| issn | 1000-436X |
| language | zho |
| publishDate | 2011-01-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| spelling | doaj-art-a644b501606e4f0daa0063ccdba2a2042025-01-14T08:45:43ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2011-01-013213814674419639Research on alert correlation method based on alert confidence in multi-IDS environmentMEI Hai-binGONG JianTo overcome the shortcoming of current alert correlation methods which didn’t consider the confidence of IDS,an alert correlation method based on alerts confidence using the evidence theory was presented.Each alert was regarded as a piece of evidence of a network attack.Then multiple pieces of evidence were combined by the Dempster’s combina-tion rule,and used to infer whether the attack corresponding to the alerts took place.As a result,the ambiguity and con-fliction in alerts were eliminated,achieving the goal of improving alerts quality.Experimental results on the DARPA 2000 IDS test dataset show that the proposed method can efficiently decrease the false alert rate and reduce more than 60% of the alerts.http://www.joconline.com.cn/zh/article/74419639/network securityintrusion detection systemalert correlationevidence theoryconfidence |
| spellingShingle | MEI Hai-bin GONG Jian Research on alert correlation method based on alert confidence in multi-IDS environment Tongxin xuebao network security intrusion detection system alert correlation evidence theory confidence |
| title | Research on alert correlation method based on alert confidence in multi-IDS environment |
| title_full | Research on alert correlation method based on alert confidence in multi-IDS environment |
| title_fullStr | Research on alert correlation method based on alert confidence in multi-IDS environment |
| title_full_unstemmed | Research on alert correlation method based on alert confidence in multi-IDS environment |
| title_short | Research on alert correlation method based on alert confidence in multi-IDS environment |
| title_sort | research on alert correlation method based on alert confidence in multi ids environment |
| topic | network security intrusion detection system alert correlation evidence theory confidence |
| url | http://www.joconline.com.cn/zh/article/74419639/ |
| work_keys_str_mv | AT meihaibin researchonalertcorrelationmethodbasedonalertconfidenceinmultiidsenvironment AT gongjian researchonalertcorrelationmethodbasedonalertconfidenceinmultiidsenvironment |