A Collaborative Architecture for Intrusion Detection Systems with Intelligent Agents and Knowledge-Based Alert Evaluation
Current reactive and standalone network security products are not capable of withstanding the proliferation of diversified network threats. As a result, a new security paradigm is emerging in which integrated security devices or systems collaborate closely to achieve enhanced protection and provide multi-layer defenses. In this paper, we present a collaborative architecture design that allows multiple intrusion detection systems to work together to detect real-time network intrusions. The architecture is composed of three parts: Collaborative Alert Aggregation, Knowledge-based Alert Evaluation and Alert Correlation. The architecture aims to reduce alert overload by correlating alerts from multiple sensors to generate condensed views, to reduce false positives by integrating network and host system information, and to correlate events based on logical relations to generate a global, synthesized alert report. The first two parts of the architecture have been implemented, and the implementation results are presented in this paper.
Jinqiao Yu, Y. V. Ramana Reddy, Sentil Selliah, Srinivas Kankanahalli, Sumitra Reddy, Vijayanand Bharadwaj
SIPLab, Concurrent Engineering Research Center, Lane Department of Computer Science and Electrical Engineering, West Virginia University, Morgantown, WV 26506
International conference
Xiamen
English
271-276
2004-05-26 (date first posted on the Wanfang platform; not the paper's publication date)