Research on preprocessing technique of alert aggregation

Chengpo Mu*, Bing Shuai

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

3 Citations (Scopus)

Abstract

In order to solve the problems caused by repetitive IDS alerts, an adaptive alert aggregation approach is proposed in this paper. According to the corresponding alert types, the stay times of aggregate alerts in the buffer area can be adjusted automatically so that the repetitive alerts can be aggregated effectively. The experimental results indicate that by using the adaptive alert aggregation model, the problems caused by repetitive alerts are solved, and a balance between alert amount and alert type is achieved at the same time. As a result, the adaptive alert aggregation approach can not only provide strong support for the further alert processing in IDAM & IRS but also balance the speed and security of a network system.
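The abstract describes the mechanism only in outline: repetitive alerts are merged while they sit in a buffer, and the time an aggregate is allowed to stay there depends on, and is adjusted per, alert type. The following Python is an added illustration of that idea written for this page; it is not the authors' code, and the page gives no details of their adjustment rule. The rule used here is an assumption: when an aggregate leaves the buffer having absorbed repeats, the stay time for that alert type is doubled (up to a cap), and when it leaves as a singleton the stay time is halved (down to a floor), so noisy types get longer merge windows and quiet types are released quickly. Alert types, addresses and timestamps are constructed sample values.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Alert:
    """A minimal IDS alert (constructed fields; real sensors carry many more)."""
    ts: float      # seconds since epoch
    atype: str     # alert type / signature name
    src: str       # source address
    dst: str       # destination address


@dataclass
class Aggregate:
    """One buffered aggregate: a representative alert plus repeat statistics."""
    alert: Alert
    count: int
    first_ts: float
    last_ts: float


class AdaptiveAggregator:
    """Merges repeated alerts and adapts the per-type buffer stay time.

    The adaptation rule (grow on merges, shrink on singletons, bounded by
    min_stay/max_stay) is an assumption made for this example.
    """

    def __init__(self, initial_stay: float = 5.0, min_stay: float = 1.0,
                 max_stay: float = 60.0, grow: float = 2.0, shrink: float = 0.5):
        self.initial_stay = initial_stay
        self.min_stay = min_stay
        self.max_stay = max_stay
        self.grow = grow
        self.shrink = shrink
        self.stay: Dict[str, float] = {}                         # per-type stay time
        self.buffer: Dict[Tuple[str, str, str], Aggregate] = {}  # keyed by (type, src, dst)

    def stay_for(self, atype: str) -> float:
        return self.stay.get(atype, self.initial_stay)

    def process(self, alert: Alert, now: Optional[float] = None) -> List[Aggregate]:
        """Ingest one alert; return aggregates whose stay time expired at `now`."""
        now = alert.ts if now is None else now
        emitted = self.flush(now)
        key = (alert.atype, alert.src, alert.dst)
        agg = self.buffer.get(key)
        if agg is None:
            self.buffer[key] = Aggregate(alert, 1, alert.ts, alert.ts)
        else:                       # repetitive alert: fold into the aggregate
            agg.count += 1
            agg.last_ts = alert.ts
        return emitted

    def flush(self, now: float, force: bool = False) -> List[Aggregate]:
        """Release aggregates older than their type's stay time (all if force)."""
        emitted = []
        for key, agg in list(self.buffer.items()):
            if force or now - agg.first_ts >= self.stay_for(agg.alert.atype):
                self._adapt(agg)
                emitted.append(agg)
                del self.buffer[key]
        return emitted

    def _adapt(self, agg: Aggregate) -> None:
        atype = agg.alert.atype
        cur = self.stay_for(atype)
        if agg.count > 1:   # type is repetitive: keep it in the buffer longer next time
            self.stay[atype] = min(self.max_stay, cur * self.grow)
        else:               # type is not repetitive: release it sooner next time
            self.stay[atype] = max(self.min_stay, cur * self.shrink)


def run_demo() -> Tuple[List[Aggregate], AdaptiveAggregator]:
    """Feed a constructed alert stream through the aggregator and force a final flush."""
    alerts = [Alert(float(i), "port_scan", "10.0.0.5", "10.0.0.9") for i in range(8)]
    alerts.append(Alert(3.0, "login_failure", "10.0.0.7", "10.0.0.9"))
    alerts.sort(key=lambda a: a.ts)          # stable sort keeps arrival order on ties

    aggregator = AdaptiveAggregator(initial_stay=5.0)
    emitted: List[Aggregate] = []
    for alert in alerts:
        emitted.extend(aggregator.process(alert))
    emitted.extend(aggregator.flush(now=alerts[-1].ts, force=True))
    return emitted, aggregator


if __name__ == "__main__":
    out, agg = run_demo()
    for a in out:
        print(f"{a.alert.atype:14s} {a.alert.src} -> {a.alert.dst} x{a.count} "
              f"[{a.first_ts:.0f}s..{a.last_ts:.0f}s]")
    print("stay times after adaptation:", agg.stay)
```

With the constructed stream of nine raw alerts, three aggregates come out: the first eight-second burst of port-scan alerts is split into one aggregate of five (released when the initial five-second stay time expires) and one of three, while the lone login failure stays a singleton. After the run the stay time for `port_scan` has grown to 20 s and for `login_failure` has shrunk to 2.5 s, which is the balance between alert volume and alert type the abstract refers to.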

Original language: English
Title of host publication: Proceedings of the 2012 5th International Joint Conference on Computational Sciences and Optimization, CSO 2012
Pages: 597-600
Number of pages: 4
DOIs
Publication status: Published - 2012
Event: 2012 5th International Joint Conference on Computational Sciences and Optimization, CSO 2012 - Harbin, Heilongjiang, China
Duration: 23 Jun 2012 to 26 Jun 2012

Publication series

Name: Proceedings of the 2012 5th International Joint Conference on Computational Sciences and Optimization, CSO 2012

Conference

Conference: 2012 5th International Joint Conference on Computational Sciences and Optimization, CSO 2012
Country/Territory: China
City: Harbin, Heilongjiang
Period: 23/06/12 to 26/06/12

Keywords

  • Alert aggregation
  • Alert processing
  • Intrusion detection
  • Intrusion response
