HANDLING IDS’ RELIABILITY IN ALERT CORRELATION - A Bayesian Network-based Model for Handling IDS’s Reliability and Controlling Prediction/False Alarm Rate Tradeoffs

Karim Tabia; Philippe Leray

Research.Publish.Connect.

*Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Country:
Subject:

Advanced Search Affiliations Search

If you're looking for an exact phrase use quotation marks on text fields.

Proceedings

Proceedings Search *Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Papers

Papers Search *Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Authors

Authors Search *Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Advanced Search

Paper

HANDLING IDS’ RELIABILITY IN ALERT CORRELATION - A Bayesian Network-based Model for Handling IDS’s Reliability and Controlling Prediction/False Alarm Rate Tradeoffs

Topics: Intrusion Detection & Prevention; Intrusion Detection and Vulnerability Assessment

In Proceedings of the International Conference on Security and Cryptography - Volume 0ICETE, 14-24, 2010 , University of Piraeus, Greece

Authors: Karim Tabia and Philippe Leray

Affiliation: Ecole Polytechnique de Nantes, France

Keyword(s): Bayesian networks, Alert correlation, IDSs’ reliability, Pearl’s virtual evidence method, Reject option.

Related Ontology Subjects/Areas/Topics: Information and Systems Security ; Intrusion Detection & Prevention

Abstract: Probabilistic graphical models are very efficient modeling and reasoning tools. In this paper, we propose an efficient and novel Bayesian network model for a major problem in alert correlation which plays a crucial role in nowadays computer security. Indeed, the use of multiple intrusion detection systems (IDSs) and complementary approaches is fundamental to improve the overall detection rates. This however inevitably rises huge amounts of alerts most of which are redundant and false alarms making the manual analysis of all the amounts of triggered alerts intractable. In this paper, we first propose a Bayesian network-based model allowing to handle the reliability of IDSs when predicting severe attacks by correlating the alerts reported by the IDSs monitoring the network. Then we propose a flexible and efficient approach especially designed to limit the false alarm rates by controlling the confidence of the prediction model. Finally, we provide experimental studies carried out on a real and representative alert corpus showing significant improvements regarding the tradeoffs between the prediction rates and the corresponding false alarm ones. (More)

CC BY-NC-ND 4.0

Guest: Register as new SciTePress user now for free.

SciTePress user: please login.

My Papers

You are not signed in, therefore limits apply to your IP address 18.116.24.105

In the current month:

Recent papers: 100 available of 100 total

2⁺ years older papers: 200 available of 200 total

Paper citation in several formats:

Tabia, K. and Leray, P. (2010). HANDLING IDS’ RELIABILITY IN ALERT CORRELATION - A Bayesian Network-based Model for Handling IDS’s Reliability and Controlling Prediction/False Alarm Rate Tradeoffs. In Proceedings of the International Conference on Security and Cryptography (ICETE 2010) - SECRYPT; ISBN 978-989-8425-18-8; ISSN 2184-3236, SciTePress, pages 14-24. DOI: 10.5220/0002949800140024

@conference{secrypt10,
author={Karim Tabia. and Philippe Leray.},
title={HANDLING IDS’ RELIABILITY IN ALERT CORRELATION - A Bayesian Network-based Model for Handling IDS’s Reliability and Controlling Prediction/False Alarm Rate Tradeoffs},
booktitle={Proceedings of the International Conference on Security and Cryptography (ICETE 2010) - SECRYPT},
year={2010},
pages={14-24},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002949800140024},
isbn={978-989-8425-18-8},
issn={2184-3236},
}

TY - CONF

JO - Proceedings of the International Conference on Security and Cryptography (ICETE 2010) - SECRYPT
TI - HANDLING IDS’ RELIABILITY IN ALERT CORRELATION - A Bayesian Network-based Model for Handling IDS’s Reliability and Controlling Prediction/False Alarm Rate Tradeoffs
SN - 978-989-8425-18-8
IS - 2184-3236
AU - Tabia, K.
AU - Leray, P.
PY - 2010
SP - 14
EP - 24
DO - 10.5220/0002949800140024
PB - SciTePress