A correlative context-based framework for network intrusion detection system

Ye Wang, H. Abdel-Wahab
DOI: 10.1109/ISCC.2005.6 (https://doi.org/10.1109/ISCC.2005.6)
Published in: 10th IEEE Symposium on Computers and Communications (ISCC'05)
Publication date: 2005-06-27
Source: Semantic Scholar
Citations: 1

Abstract

A correlative context-based framework for network intrusion detection system
Intrusion detection system (IDS) is one of the most important security protection mechanisms. Although many IDS commercial products and research projects exist, we still face a serious problem under current systems, a high false positive rate. We observe that current network IDSs don't make full use of the information available from different levels and points of the protected network, and we argue that the utilization of this information is essential. We introduce a new framework for network IDSs based on a network context awareness (NCA) layer as an additional data source to IDSs. We describe the architecture of NCA and methods of how to extract network information into NCA. A correlation engine is presented that works on alerts generated by a specific IDS system (Snort) and NCA information. Our experimental results using simulated attacks show that our proposed solution significantly reduces the false alarm rate and has the potential to greatly improve the efficacy of detecting novel attacks.