CFP last date
22 April 2024
Call for Paper
May Edition
IJCA solicits high quality original research papers for the upcoming May edition of the journal. The last date of research paper submission is 22 April 2024

Submit your paper
Know more
The week's pick
Responsive image
Enhancing Privacy Preservation: Multi-Attribute Protection with P-Sensitive K-Anonymity

Twinkle Patel Kiran Amin
Random Articles
Reseach Article

A Survey on IDS Alerts Classification Techniques

by Shashikant Upadhyay, Rajni Ranjan Singh
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 105 - Number 12
Year of Publication: 2014
Authors: Shashikant Upadhyay, Rajni Ranjan Singh
10.5120/18431-9795

Shashikant Upadhyay, Rajni Ranjan Singh . A Survey on IDS Alerts Classification Techniques. International Journal of Computer Applications. 105, 12 ( November 2014), 27-33. DOI=10.5120/18431-9795

@article{ 10.5120/18431-9795,
author = { Shashikant Upadhyay, Rajni Ranjan Singh },
title = { A Survey on IDS Alerts Classification Techniques },
journal = { International Journal of Computer Applications },
issue_date = { November 2014 },
volume = { 105 },
number = { 12 },
month = { November },
year = { 2014 },
issn = { 0975-8887 },
pages = { 27-33 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume105/number12/18431-9795/ },
doi = { 10.5120/18431-9795 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T22:37:33.688443+05:30
%A Shashikant Upadhyay
%A Rajni Ranjan Singh
%T A Survey on IDS Alerts Classification Techniques
%J International Journal of Computer Applications
%@ 0975-8887
%V 105
%N 12
%P 27-33
%D 2014
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Intrusion detection can be defined as the method of identifying malicious activities that target a network and its resources. The main use of intrusion detection systems (IDS) is to detect attacks against information systems and networks. A main difficulty in the field of intrusion detection is the organization of alerts. Normally IDS's produced numerous alerts, which cannot provide a clear idea to the analyst about what type of alert occur, which type of alert is generated etc. because of the huge number of alerts generated by these systems. One solution of this problem is classifying the alerts. During this paper, we try to represent an overview of IDS alerts classification techniques.

References
  1. Lee, W. , & Stolfo, S. (1998), "Data mining approaches for intrusion detection," In Paper presented at the proceedings of the seventh USENIX security symposium (SECURITY'98). San Antonio, TX.
  2. K. Kendall, "A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems," Massachusetts Institute of Technology Master's Thesis, 1998.
  3. Mohammad Sazzadul Hoque1, Md. Abdul Mukit2 and Md. Abu Naser Bikas3," An Implementation of Intrusion Detection System Using Genetic Algorithm", International Journal of Network Security & Its Applications (IJNSA), Vol. 4, No. 2, March 2012.
  4. Mittal, Mitali, Alisha Khan, and Chetan Agrawal. "A Study of Different Intrusion Detection and Prevension System" International Journal of Scientific & Engineering Research, Volume 4, Issue 8, August-2013. pp. 1526-1531
  5. Intrusion detection FAQ at http://www. sans. org/newlook/resources/IDFAQ/ID_FAQ. html
  6. Hätälä A. , Särs C. , Addams-Moring R. , Virtanen T. , Event data exchange and intrusion alert correlation in heterogeneous networks, Proceedings: 8th Colloquium for Information Systems Security Education West Point, NY, 2004, pp. 84-92.
  7. Sun B. , Wu K. , Pooch U. W. , Alert aggregation in mobile ad hoc networks, ACM WiSE'03, San Diego, California, USA, Sep. 2003.
  8. Valeur F. , Vigna G. , Kruegel C. , Kemmerer R. A. , Comprehensive approach to intrusion detection alert correlation, IEEE Transactions on Dependable and Secure Computing 1(3), 2004,pp. 146-169.
  9. Siraj A. , A unified alert fusion model for intelligent analysis of sensor data in an intrusion detection environment, Ph. D. thesis, Mississippi State University, Aug 2006.
  10. Julisch K. , Mining alarm clusters to improve alarm handling efficiency, Proceedings: 17th Annual Computer Security Applications Conference (ACSAC'01), New Orleans, LA, Dec 2001.
  11. Al-Mamory, S. O. , Zhang, H. : A survey on IDS alerts processing techniques. In: Proceeding of the 6th WSEAS International Conference on Information Security and Privacy (ISP), pp. 69-78 (2007).
  12. Dain O. M. , Cunningham R. K. , Building scenarios from a heterogeneous alert stream, IEEE Transactions on Systems Man and Cybernetics, 2002.
  13. Valdes A. , Skinner K. , Probabilistic alert correlation, Proceedings: Recent Advances in Intrusion Detection, LNCS 2212, 2001, pp. 54-68.
  14. Ning P. , Reeves D. , Cui Y. , Correlating alerts using prerequisites of intrusions, technical report TR-2001-13, Department of Computer Science, North Carolina State University,2001.
  15. Cuppens F. , Miège A. , Alert correlation in a cooperative intrusion detection framework, Proc. IEEE Symposium, Security and Privacy, May 2002.
  16. Wang L. , Liu A. , Jajodia S. , Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts, Computer Communications 29, Apr 2006, pp. 2917- 2933.
  17. Elshoush, H. T. , Osman, I. M. : An Improved Framework for Intrusion Alert Correlation. Lecture Notes in Engineering and Computer Science: Proceedings of the World Congress on Engineering 2012, WCE 2012, 4-6 July, 2012, London, U. K. , pp. 518-523.
  18. A. Valdes and K. Skinner, "Probabilistic alert correlation," in Recent Advances in Intrusion Detection (RAID 2001), ser. Lecture Notes in Computer Science, no. 2212. Springer-Verlag, 2001.
  19. H. Ren, N. Stakhanova, and A. Ghorbani, "An online adaptive approach to alert correlation," in Detection of Intrusions and Malware, and Vulnerability Assessment, ser. Lecture Notes in Computer Science, C. Kreibich and M. Jahnke, Eds. Springer Berlin Heidelberg, 2010, vol. 6201, pp. 153–172.
  20. K. Julisch, "Clustering intrusion detection alarms to support root cause analysis," ACM Trans. Inf. Syst. Secur. , vol. 6, no. 4, pp. 443–471, Nov. 2003.
  21. S. Lee, B. Chung, H. Kim, Y. Lee, C. Park, and H. Yoon, "Real-time analysis of intrusion detection alerts via correlation," Computers & Security, vol. 25, no. 3, pp. 169 – 183, 2006.
  22. H. Debar and A. Wespi, "Aggregation and correlation of intrusion-detection alerts," in Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection, ser. RAID '00, 2001, pp. 85–103.
  23. Najwa A. Bakar, Bahari Belaton (2005). Towards Implementing Intrusion Detection Alert Quality Framework. Proceedings of the first International Conference on Distributed Framework for Multimedia Applications 2005. IEEE.
  24. Kruegel C. , Roberstson W. , Vigna G. Using Alert Verification to Identify Successful Intrusion Attempts. In: PIK 27 (2004).
  25. Xuejiao Liu, Debao Xiao, Xi Peng. Towards a Collaborative and Systematic Approach to Alert Verification. In: Journal of Software, Vol. 3, No. 9, December 2008. pg. 77-84.
  26. Pietraszek T. (2004). Using adaptive alert classification to reduce false positives in intrusion detection. Recent advances in Intrusion detection (RAID2004). In: Lecture notes in computer Science. vol. 3324. Sophia Antipolis, France: Springer-Verlag; 2004 pg. 102-124.
  27. Julisch Klaus, Dacier Marc. Mining intrusion detection alarms for actionable knowledge. In: Proceedings of the eighth ACM SIGKDD international conference on knowledge discovery and Data mining. Alberta, Canada: Edmonton; 2002. pg. 366-375.
Index Terms

Computer Science
Information Sciences

Keywords

Alert Correlation Classification technique Intrusion Detection system Cyber Attack.

Powered by PhDFocusTM