Internet Data Centers (IDC) have emerged as a major network service platform that converges Internet-related services and applications in one location, managing servers, networks, and the valuable and sensitive data of many enterprises. An appropriate security approach is therefore essential. Intrusion Detection Systems (IDS) are often deployed in IDC as a security measure to detect intrusions in real time and alert system administrators so that they can take proper handling actions. However, the large number of low-level alerts, which lack classification, makes their management difficult. To tackle this problem, we propose a Security Alert Management System (SAMS) in which the alerts generated by each IDS undergo alert aggregation. By incorporating ISO/IEC 27001 requirements into the ontology, our system classifies and aggregates alerts from multiple sources, providing a consolidated view of security incidents that is compliant with the ISO/IEC 27001 standard. We further facilitate effective handling of security alerts with different urgency classifications via an Alert Management System (AMS).
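To make the aggregation and urgency-classification step concrete, here is an added example (not code from the paper or from SAMS) that groups constructed low-level IDS alerts from several sensors into consolidated incidents. The alert fields, the time window, the signature-to-control mapping and the ISO/IEC 27001 control labels in `SIGNATURE_CLASSES` are all assumptions chosen for illustration; the paper's ontology is not reproduced here.

```python
from datetime import datetime, timedelta

# Constructed sample alerts from two hypothetical IDS sensors (not real data).
SAMPLE_ALERTS = [
    {"sensor": "ids-1", "ts": "2024-01-01T10:00:00", "sig": "SSH brute force",
     "src": "10.0.0.5", "dst": "192.0.2.10"},
    {"sensor": "ids-2", "ts": "2024-01-01T10:00:30", "sig": "SSH brute force",
     "src": "10.0.0.5", "dst": "192.0.2.10"},
    {"sensor": "ids-1", "ts": "2024-01-01T10:01:00", "sig": "SSH brute force",
     "src": "10.0.0.5", "dst": "192.0.2.10"},
    {"sensor": "ids-1", "ts": "2024-01-01T10:02:00", "sig": "Port scan",
     "src": "10.0.0.7", "dst": "192.0.2.10"},
    # Same signature/source/destination as the first group, but outside the window.
    {"sensor": "ids-2", "ts": "2024-01-01T10:20:00", "sig": "SSH brute force",
     "src": "10.0.0.5", "dst": "192.0.2.10"},
    # A signature that the (assumed) ontology does not know about.
    {"sensor": "ids-1", "ts": "2024-01-01T10:21:00", "sig": "Custom rule 42",
     "src": "10.0.0.9", "dst": "192.0.2.11"},
]

# Assumed mapping from IDS signature to an ISO/IEC 27001 control area and an
# urgency level. The control labels are illustrative placeholders only.
SIGNATURE_CLASSES = {
    "SSH brute force": ("A.9 Access control", "high"),
    "Port scan": ("A.13 Communications security", "low"),
}

URGENCY_RANK = {"high": 0, "medium": 1, "low": 2}


def aggregate(alerts, window=timedelta(minutes=5)):
    """Merge alerts that share (signature, src, dst) and arrive within `window`
    of the previous alert in the same group into one incident record."""
    incidents = []
    open_incidents = {}  # key -> the incident currently accepting merges
    for alert in sorted(alerts, key=lambda a: a["ts"]):
        ts = datetime.fromisoformat(alert["ts"])
        key = (alert["sig"], alert["src"], alert["dst"])
        current = open_incidents.get(key)
        if current is not None and ts - current["last"] <= window:
            # Duplicate/continuation: fold into the existing incident.
            current["count"] += 1
            current["last"] = ts
            current["sensors"].add(alert["sensor"])
            continue
        # Unknown signatures are kept, not dropped, and flagged for review.
        control, urgency = SIGNATURE_CLASSES.get(
            alert["sig"], ("unclassified", "medium"))
        incident = {
            "sig": alert["sig"], "src": alert["src"], "dst": alert["dst"],
            "control": control, "urgency": urgency,
            "first": ts, "last": ts, "count": 1,
            "sensors": {alert["sensor"]},
        }
        incidents.append(incident)
        open_incidents[key] = incident
    # Most urgent incidents first; ties ordered by time of first alert.
    return sorted(incidents, key=lambda i: (URGENCY_RANK[i["urgency"]], i["first"]))


if __name__ == "__main__":
    for inc in aggregate(SAMPLE_ALERTS):
        print(f'[{inc["urgency"]:6}] {inc["control"]:28} {inc["sig"]:16} '
              f'{inc["src"]} -> {inc["dst"]}  x{inc["count"]} '
              f'sensors={sorted(inc["sensors"])}')
```

With the constructed input the six raw alerts collapse to four incidents: the three SSH alerts within five minutes become one high-urgency incident seen by both sensors, the later SSH alert starts a new incident because it falls outside the window, and the unknown signature is kept as a medium-urgency unclassified record rather than silently discarded.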
Keywords: Alert Management System; Security Alerts; Alert Aggregation; Security Ontology
Authors: Terry M. F. Tsang, Thomas M. W. Yeung, Dickson K. W. Chiu, Haiyang Hu, Yi Zhuang, Hua Hu

Affiliations:
Department of Computer Science, Hong Kong Baptist University, Kowloon Tong, Hong Kong
Department of Computer Science, Hong Kong Baptist University, Kowloon Tong, Hong Kong
Dickson Comput
Hangzhou Dianzi University, Hangzhou, China
State Key Laboratory for Novel Software Technology, Nanj
College of Computer Science and Information Engineering, Zhejiang Gongshang University, China
Hangzhou Dianzi University, Hangzhou, China