Authors: Thomas Heyman ; Bart De Win ; Christophe Huygens and Wouter Joosen

Affiliation: IBBT / DistriNet, Katholieke Universiteit Leuven, Belgium

Abstract: Intrusion detection systems (IDS) suffer from a lack of scalability. Alert correlation has been introduced to address this challenge and is generally considered to be the major part of the solution. One of the steps in the correlation process is the verification of alerts. We have identified the relationships and interactions between correlation and verification. An overview of verification tests proposed in literature is presented and refined. Our contribution is to integrate these tests in an extensible generic framework for verification that enables further experimentation. A proof-of-concept implementation is presented and a first evaluation is made. We conclude that verification is a viable extension to the intrusion detection process. Its effectiveness is highly dependent on contextual information.

CC BY-NC-ND 4.0

Paper citation in several formats:
Heyman, T.; De Win, B.; Huygens, C. and Joosen, W. (2006). Improving Intrusion Detection through Alert Verification. In Proceedings of the 4th International Workshop on Security in Information Systems (ICEIS 2006) - WOSIS; ISBN 978-972-8865-52-8, SciTePress, pages 207-216. DOI: 10.5220/0002499602070216

@conference{wosis06,
author={Thomas Heyman and Bart {De Win} and Christophe Huygens and Wouter Joosen},
title={Improving Intrusion Detection through Alert Verification},
booktitle={Proceedings of the 4th International Workshop on Security in Information Systems (ICEIS 2006) - WOSIS},
year={2006},
pages={207-216},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002499602070216},
isbn={978-972-8865-52-8},
}

TY - CONF

JO - Proceedings of the 4th International Workshop on Security in Information Systems (ICEIS 2006) - WOSIS
TI - Improving Intrusion Detection through Alert Verification
SN - 978-972-8865-52-8
AU - Heyman, T.
AU - De Win, B.
AU - Huygens, C.
AU - Joosen, W.
PY - 2006
SP - 207
EP - 216
DO - 10.5220/0002499602070216
PB - SciTePress