Alert fusion for a computer host based intrusion detection system

Feng Chuan, Peng Jianfeng, Qiao Haiyan, Jerzy W. Rozenblit

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

11 Scopus citations

Abstract

Intrusions pose serious threats to today's computer hosts. Intrusions that exploit security breaches to gain unauthorized access to, or misuse, critical information can have catastrophic consequences. To protect computer hosts from the increasing threat of intrusion, various kinds of Intrusion Detection Systems (IDSs) have been developed. The main disadvantages of current IDSs are a high false detection rate and the lack of post-intrusion decision support capability. To minimize these drawbacks, we propose an event-driven intrusion detection architecture that integrates Subject-Verb-Object (SVO) multi-point monitors with an impact analysis engine. Alert fusion and verification models are implemented to derive more reliable intrusion information from the incomplete, inconsistent or imprecise alerts acquired by the SVO monitors. The DEVS formalism is used to describe the model-based design approach. Finally, we use the DEVS-JAVA simulation tool to show the feasibility of the proposed system.

Original language: English (US)
Title of host publication: Proceedings - 14th Annual IEEE International Conference and Workshops on the Engineering of Computer-Based Systems, ECBS 2007
Subtitle of host publication: Raising Expectations of Computer-Based Systems
Pages: 433-440
Number of pages: 8
DOIs
State: Published - 2007
Event: 14th Annual IEEE International Conference and Workshops on the Engineering of Computer-Based Systems, ECBS 2007 - Tucson, AZ, United States
Duration: Mar 26 2007 to Mar 29 2007

Publication series

Name: Proceedings of the International Symposium and Workshop on Engineering of Computer Based Systems

Other

Other: 14th Annual IEEE International Conference and Workshops on the Engineering of Computer-Based Systems, ECBS 2007
Country/Territory: United States
City: Tucson, AZ
Period: 3/26/07 to 3/29/07

ASJC Scopus subject areas

  • Hardware and Architecture
  • Software
