TY - GEN
T1 - Alert fusion for a computer host based intrusion detection system
AU - Chuan, Feng
AU - Jianfeng, Peng
AU - Haiyan, Qiao
AU - Rozenblit, Jerzy W.
PY - 2007
Y1 - 2007
N2 - Intrusions impose tremendous threats to today's computer hosts. Intrusions using security breaches to achieve unauthorized access or misuse of critical information can have catastrophic consequences. To protect computer hosts from the increasing threat of intrusion, various kinds of Intrusion Detection Systems (IDSs) have been developed. The main disadvantages of current IDSs are a high false detection rate and the lack of post-intrusion decision support capability. To minimize these drawbacks, we propose an event-driven intrusion detection architecture which integrates Subject-Verb-Object (SVO) multi-point monitors and an impact analysis engine. Alert fusion and verification models are implemented to provide more reasonable intrusion information from incomplete, inconsistent or imprecise alerts acquired by SVO monitors. DEVS formalism is used to describe the model based design approach. Finally we use the DEVS-JAVA simulation tool to show the feasibility of the proposed system.
AB - Intrusions impose tremendous threats to today's computer hosts. Intrusions using security breaches to achieve unauthorized access or misuse of critical information can have catastrophic consequences. To protect computer hosts from the increasing threat of intrusion, various kinds of Intrusion Detection Systems (IDSs) have been developed. The main disadvantages of current IDSs are a high false detection rate and the lack of post-intrusion decision support capability. To minimize these drawbacks, we propose an event-driven intrusion detection architecture which integrates Subject-Verb-Object (SVO) multi-point monitors and an impact analysis engine. Alert fusion and verification models are implemented to provide more reasonable intrusion information from incomplete, inconsistent or imprecise alerts acquired by SVO monitors. DEVS formalism is used to describe the model based design approach. Finally we use the DEVS-JAVA simulation tool to show the feasibility of the proposed system.
UR - http://www.scopus.com/inward/record.url?scp=34250188502&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=34250188502&partnerID=8YFLogxK
U2 - 10.1109/ECBS.2007.17
DO - 10.1109/ECBS.2007.17
M3 - Conference contribution
AN - SCOPUS:34250188502
SN - 0769527728
SN - 9780769527727
T3 - Proceedings of the International Symposium and Workshop on Engineering of Computer Based Systems
SP - 433
EP - 440
BT - Proceedings - 14th Annual IEEE International Conference and Workshops on the Engineering of Computer-Based Systems, ECBS 2007
T2 - 14th Annual IEEE International Conference and Workshops on the Engineering of Computer-Based Systems, ECBS 2007
Y2 - 26 March 2007 through 29 March 2007
ER -