TRINETR: an intrusion detection alert management systems

@article{Yu2004TRINETRAI,
  title={TRINETR: an intrusion detection alert management systems},
  author={Jinqiao Yu and Y. V. Ramana Reddy and Sentil Selliah and Kankanahalli Srinivas and Sumitra Reddy and Vijayanand Bharadwaj},
  journal={13th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises},
  year={2004},
  pages={235-240}
}
  • Jinqiao Yu, Y. V. Ramana Reddy, Sentil Selliah, Kankanahalli Srinivas, Sumitra Reddy, Vijayanand Bharadwaj
  • Published 14 June 2004
  • Computer Science
  • 13th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
In response to the daunting threat of cyber attacks, a promising approach is computer and network forensics. An intrusion detection system is an indispensable part of computer and network forensics. It is deployed to monitor network and host activities, including dataflows and information accesses etc. But current intrusion detection products present many flaws, including alert flooding, too many false alerts and isolated alerts etc. We describe an ongoing project to develop an intrusion alert…
Trinetr: an intrusion detection alert management and analysis system
An intrusion detection system (IDS) is a software system or hardware device deployed to monitor network and host activities, including data flows and information accesses etc., to capture suspicious…

Risk Assessment and Alert Prioritization for Intrusion Detection Systems
A new model is proposed whose objective is to determine the criticality of certain events for the security status of a network; it is applied to prioritize alerts produced by the IDS and to generate alarms if the risk is high.

Alert prioritization in Intrusion Detection Systems
A fuzzy-logic based technique for scoring and prioritizing alerts generated by an IDS is proposed, together with an alert rescoring technique that leads to a further reduction in the number of alerts.

FuzMet: a fuzzy-logic based alert prioritization engine for intrusion detection systems
This paper considers the specification and configuration issues of FuzMet, a novel IDS alert management system which employs several metrics and a fuzzy-logic based approach for scoring and prioritizing alerts, and features an alert rescoring technique that leads to a further reduction in the number of alerts.

IDS alerts classification using knowledge-based evaluation
PIKE (Post-processor for IDS alerts using Knowledge-based Evaluation) is described: a system that uses background information about the hosts present on the network and the vulnerability exploited to generate a score for each alert, as a measure of the alert's importance.

Intelligent techniques for network sensor information processing in large-scale network infrastructures
  • E. Hooper
  • Computer Science
  • 2008 International Conference on Intelligent Sensors, Sensor Networks and Information Processing
  • 2008
A novel approach for efficient, intelligent detection and response to suspect packets and benign false positives, using the network quarantine channels (NQCs) technique with multiple zones for isolation and real-time interaction with the source packets.

TRINETR: Facilitating Alerts Analysis and Response Decision Making
An intrusion detection alert management and analysis system, called TRINETR, which can serve as a layer above the IDS to make the use of the IDS more efficient and intrusion alerts more accurate and meaningful, as well as provide real-time security decision-making support.

Towards an Integrated Intrusion Detection Monitoring in High Speed Networks
The proposed architecture, the Snort IDS improvement techniques and the integrated platform played a crucial role in improving IDS real-time monitoring.

False alarm minimization techniques in signature-based intrusion detection systems: A survey
This paper gives a taxonomy of false alarm minimization techniques in signature-based IDS, presents the pros and cons of each class, and concludes with some directions for future research.

Anomalies Classification Approach for Network-based Intrusion Detection System
A set of network traffic features deemed to be the most relevant for identifying a wide range of network anomalies, and an A-IDS alarm classifier based on machine learning technologies that automatically classifies activities detected by a packet-header-based anomaly detection system, are presented.
