Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
CCS
2006
ACM
2006
ACM
Time series modeling for IDS alert management
Intrusion detection systems create large amounts of alerts. Significant part of these alerts can be seen as background noise of an operational information system, and its quantity typically overwhelms the user. In this paper we have three points to make. First, we present our findings regarding the causes of this noise. Second, we provide some reasoning why one would like to keep an eye on the noise despite the large number of alerts. Finally, one approach for monitoring the noise with reasonable user load is proposed. The approach is based on modeling regularities in alert flows with classical time series methods. We present experimentations and results obtained using real world data. Categories and Subject Descriptors C.2.3 [Computer - Communication Networks]: Network Operations--Network monitoring; C.2.0 [Computer Communication Networks]: General--Security and protection General Terms Security, Experimentation
Real-time TrafficBackground Noise | CCS 2006 | Communication Networks | Intrusion Detection Systems | Security Privacy |
Related Content
| Added | 20 Aug 2010 |
| Updated | 20 Aug 2010 |
| Type | Conference |
| Year | 2006 |
| Where | CCS |
| Authors | Jouni Viinikka, Hervé Debar, Ludovic Mé, Renaud Séguier |
Comments (0)
Researcher Info
|
