| dc.creator | Spathoulas, G. P. | en |
| dc.creator | Katsikas, S. K. | en |
| dc.date.accessioned | 2015-11-23T10:48:09Z | |
| dc.date.available | 2015-11-23T10:48:09Z | |
| dc.date.issued | 2013 | |
| dc.identifier | 10.1016/j.cose.2013.03.005 | |
| dc.identifier.issn | 0167-4048 | |
| dc.identifier.uri | http://hdl.handle.net/11615/33256 | |
| dc.description.abstract | Intrusion detection systems (IDS) are among the most common countermeasures against network attacks. In order to improve the alerts obtained from them, various methods of post-processing have been proposed. These methods usually try to alleviate specific drawbacks of intrusion detection. We propose a system that is a post-processing solution. The input of our system is a set of multiple IDS sensors alert sets. Each set's alerts are aggregated in order to improve their quality, before multiple alert sets merge into one general alert set. Then, a low clustering procedure allows the system to hypothesize about missed security events and to create relevant alerts. The main clustering phase comes next, before the final step, in which a clusters graph is generated to produce a high level presentation of the security events. The system has been tested using the DARPA 2000 dataset, as well as a live network dataset, and has produced satisfactory results. (c) 2013 Elsevier Ltd. All rights reserved. | en |
| dc.source | Computers & Security | en |
| dc.source.uri | <Go to ISI>://WOS:000323360000014 | |
| dc.subject | Intrusion detection systems | en |
| dc.subject | Aggregation | en |
| dc.subject | Correlation | en |
| dc.subject | Prediction | en |
| dc.subject | Visualization | en |
| dc.subject | INTRUSION DETECTION | en |
| dc.subject | MOBILE-VISUALIZATION | en |
| dc.subject | Computer Science, Information Systems | en |
| dc.title | Enhancing IDS performance through comprehensive alert post-processing | en |
| dc.type | journalArticle | en |
