International Journal of Information Security Science
Volume: 2, Issue: 2
Methods for post-processing of alerts in intrusion detection: A survey
Authors : Georgios SPATHOULAS, Sokratis KATSIKAS
Pages : 64-80
Publication Date : 2013-06-28
Article Type : Research Paper
Abstract : Intrusion detection is an important protection tool for computer systems and networks. In recent years it has become an essential piece of the IT security infrastructure of large organizations. Even though intrusion detection systems are being installed at an increasing rate, they are often misused, because the quality of the alerts they produce is not satisfactory. High alert volume, a high false positive rate and the low information content of individual alerts are the main reasons that security analysts cannot take full advantage of intrusion detection alert sets. The aim of this survey is to summarize research on the post-processing of intrusion detection alerts, which is categorized into false positive reduction, alert correlation and visualization. The most important efforts in the field are analyzed, and all recent methods are presented. Finally, the present and the future of the alert post-processing research field are discussed.
Keywords : Intrusion detection, alerts, post processing, false positives reduction, correlation, visualization
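The abstract names two of the three post-processing stages it surveys, false positive reduction and alert correlation, as answers to high alert volume and low per-alert information. The following is an added example illustrating what such a pipeline does in practice; it is not code from the paper or its authors. It parses a constructed sample of Snort "fast"-style alert lines (the signature IDs 1000001 to 1000003, the messages and the addresses are all hypothetical), drops alerts from a vetted source, aggregates repeats of the same signature between the same endpoints, and then links alerts between the same pair of hosts into an attack track an analyst can read as one incident instead of six alerts.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in a Snort "fast"-style line format; not real IDS output.
# SIDs 1000001-1000003 are hypothetical local-range signatures.
SAMPLE_ALERTS = """\
06/28-10:00:01.000000  [**] [1:1000001:1] SSH scan (constructed) [**] [Priority: 2] {TCP} 10.0.0.5:40212 -> 192.168.1.10:22
06/28-10:00:02.000000  [**] [1:1000001:1] SSH scan (constructed) [**] [Priority: 2] {TCP} 10.0.0.5:40213 -> 192.168.1.10:22
06/28-10:00:03.000000  [**] [1:1000001:1] SSH scan (constructed) [**] [Priority: 2] {TCP} 10.0.0.5:40214 -> 192.168.1.10:22
06/28-10:00:40.000000  [**] [1:1000002:1] SSH brute force (constructed) [**] [Priority: 1] {TCP} 10.0.0.5:40300 -> 192.168.1.10:22
06/28-10:05:00.000000  [**] [1:1000003:1] Root shell response (constructed) [**] [Priority: 1] {TCP} 192.168.1.10:22 -> 10.0.0.5:40300
06/28-10:30:00.000000  [**] [1:1000001:1] SSH scan (constructed) [**] [Priority: 2] {TCP} 192.168.1.200:55000 -> 192.168.1.10:22
"""

FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) \[\*\*\] "
    r"\[Priority: (?P<prio>\d+)\] \{(?P<proto>\w+)\} "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_alerts(text):
    """Turn fast-format lines into dicts; lines that do not match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = FAST_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        alerts.append({
            # the fast format carries no year, so strptime fills in 1900;
            # only time differences are used below, so that is harmless
            "ts": datetime.strptime(d["ts"], "%m/%d-%H:%M:%S.%f"),
            "sid": int(d["sid"]), "msg": d["msg"], "prio": int(d["prio"]),
            "src": d["src"], "dst": d["dst"], "dport": int(d["dport"]),
            "count": 1,
        })
    return alerts


def drop_known_false_positives(alerts, allowlist):
    """False positive reduction: drop (source, sid) pairs an analyst has vetted,
    e.g. an internal vulnerability scanner that legitimately trips scan rules."""
    return [a for a in alerts if (a["src"], a["sid"]) not in allowlist]


def aggregate(alerts, window=timedelta(seconds=60)):
    """Volume reduction: merge repeats of one signature between the same
    endpoints that fall within `window` of the first into one counted alert."""
    merged, open_by_key = [], {}
    for a in sorted(alerts, key=lambda x: x["ts"]):
        key = (a["sid"], a["src"], a["dst"], a["dport"])
        cur = open_by_key.get(key)
        if cur is not None and a["ts"] - cur["first"] <= window:
            cur["count"] += 1
            cur["last"] = a["ts"]
            continue
        cur = dict(a, first=a["ts"], last=a["ts"])
        open_by_key[key] = cur
        merged.append(cur)
    return merged


def correlate(alerts, window=timedelta(minutes=10)):
    """Correlation: chain alerts between the same two hosts (either direction)
    whose timestamps are within `window` of the previous one into a track."""
    tracks, open_tracks = [], {}
    for a in sorted(alerts, key=lambda x: x["ts"]):
        pair = frozenset((a["src"], a["dst"]))
        t = open_tracks.get(pair)
        if t is not None and a["ts"] - t["alerts"][-1]["ts"] <= window:
            t["alerts"].append(a)
        else:
            t = {"hosts": pair, "alerts": [a]}
            open_tracks[pair] = t
            tracks.append(t)
    return tracks


def track_summary(track):
    """Analyst-facing view of a track: ordered (message, repeat count) steps."""
    return [(a["msg"], a["count"]) for a in track["alerts"]]


def post_process(text, allowlist=frozenset()):
    """Run the three stages and report how the alert count shrinks at each."""
    alerts = parse_alerts(text)
    kept = drop_known_false_positives(alerts, allowlist)
    merged = aggregate(kept)
    return {"raw": len(alerts), "after_fp_filter": len(kept),
            "after_aggregation": len(merged), "tracks": correlate(merged)}


if __name__ == "__main__":
    # hypothetical allowlist entry: 192.168.1.200 is the internal scanner
    result = post_process(SAMPLE_ALERTS, {("192.168.1.200", 1000001)})
    print({k: v for k, v in result.items() if k != "tracks"})
    for t in result["tracks"]:
        print(sorted(t["hosts"]), track_summary(t))
```

With the allowlist applied, six raw alerts become one track with three steps (scan x3, brute force, root shell response), which is the kind of reduction in volume and gain in context the survey's categories aim at; without the allowlist, the scanner's alert survives as a second, single-step track, showing why the false positive stage runs first.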
