Sciweavers

ECBS
2007
IEEE

Alert Fusion for a Computer Host Based Intrusion Detection System

14 years 1 months ago
Alert Fusion for a Computer Host Based Intrusion Detection System
Intrusions impose tremendous threats to today’s computer hosts. Intrusions using security breaches to achieve unauthorized access or misuse of critical information can have catastrophic consequences. To protect computer hosts from the increasing threat of intrusion, various kinds of Intrusion Detection Systems (IDSs) have been developed. The main disadvantages of current IDSs are a high false detection rate and the lack of post-intrusion decision support capability. To minimize these drawbacks, we propose an event-driven intrusion detection architecture which integrates Subject-Verb-Object (SVO) multi-point monitors and an impact analysis engine. Alert fusion and verification models are implemented to provide more reasonable intrusion information from incomplete, inconsistent or imprecise alerts acquired by SVO monitors. DEVS formalism is used to describe the model based design approach. Finally we use the DEVS-JAVA simulation tool to show the feasibility of the proposed system.
Chuan Feng, Jianfeng Peng, Haiyan Qiao, Jerzy W. R
Added 18 Oct 2010
Updated 18 Oct 2010
Type Conference
Year 2007
Where ECBS
Authors Chuan Feng, Jianfeng Peng, Haiyan Qiao, Jerzy W. Rozenblit
Comments (0)