ICIMP 2012, The Seventh International Conference on Internet Monitoring and Protection
Constructing Context-based Non-Critical Alarm Filter in Intrusion Detection
Authors:
Yuxin Meng
Wenjuan Li
Keywords: Intrusion detection; Network security; Non-critical alarm filter; Context-based system
Abstract:
Currently, intrusion detection systems (IDSs) are widely deployed in various computer networks to detect all kinds of attacks. The major problem is that a large number of alarms are generated during detection, and most of them are non-critical. This issue greatly increases the analysis workload and reduces the effectiveness of an IDS. We argue that this bottleneck stems primarily from the lack of contextual information available to the intrusion detection system. To mitigate this issue, we propose an architecture for a context-based non-critical alarm filter that helps filter out these non-critical alarms. In particular, our alarm filter consists of an indexing component that links input alarms to the corresponding contextual information, an analysis engine that filters out non-critical alarms according to that contextual information, and a monitor engine that updates the index values. In the evaluation, we explore the initial effectiveness of our non-critical alarm filter in a deployed network environment. The experimental results show that our alarm filter is promising and effective in filtering out non-critical alarms.
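The following is an added illustration of the three components named in the abstract (indexing component, analysis engine, monitor engine); it is not the paper's code. It assumes that the contextual information is a per-host OS and service inventory and that an alarm is non-critical when the platform or service its signature targets is absent on the destination host.

```python
# Added example: a minimal context-based non-critical alarm filter.
# Context fields, matching rules and sample values are constructed assumptions.
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class HostContext:
    os: str                                  # operating system reported for the host
    services: Dict[int, str] = field(default_factory=dict)  # port -> service name


@dataclass
class Alarm:
    dst_ip: str
    dst_port: int
    target_os: Optional[str]                 # platform the signature applies to, if any
    target_service: Optional[str]            # service the signature applies to, if any


class ContextFilter:
    def __init__(self) -> None:
        # Indexing component: maps a destination host to its contextual information.
        self.index: Dict[str, HostContext] = {}

    def update_context(self, ip: str, ctx: HostContext) -> None:
        """Monitor engine: refresh an index value when the host inventory changes."""
        self.index[ip] = ctx

    def is_critical(self, alarm: Alarm) -> bool:
        """Analysis engine: decide whether an alarm should be kept.

        An alarm is treated as non-critical only when the context positively
        shows the targeted OS or service is absent on the destination host.
        A host with no context keeps its alarms (fail safe).
        """
        ctx = self.index.get(alarm.dst_ip)
        if ctx is None:
            return True
        if alarm.target_os and alarm.target_os.lower() != ctx.os.lower():
            return False
        running = ctx.services.get(alarm.dst_port)
        if alarm.target_service and running != alarm.target_service:
            return False
        return True

    def filter(self, alarms: List[Alarm]) -> List[Alarm]:
        """Return only the alarms the analysis engine considers critical."""
        return [a for a in alarms if self.is_critical(a)]
```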
Pages: 75 to 81
Copyright: Copyright (c) IARIA, 2012
Publication date: May 27, 2012
Published in: conference
ISSN: 2308-3980
ISBN: 978-1-61208-201-1
Location: Stuttgart, Germany
Dates: from May 27, 2012 to June 1, 2012