Network Intrusion Detection Systems (NIDS) are popular components for the fast detection of network attacks and intrusions, but their efficacy is limited by the high number of false alarms that affect them. As a consequence, system administrators, who have to manually manage an overwhelming amount of intrusion alerts, tend to decrease the alarm threshold or even to deactivate most NIDS functions. These weaknesses are frequently exploited by attackers to avoid or to delay attack detection. In order to improve the efficacy of attack detection and reduce the amount of false positives, we propose a novel scheme for runtime alert management. It filters innocuous attacks by taking advantage of the correlation between the NIDS alerts and detailed information concerning the protected information systems, which is retrieved from heterogeneous and unstructured data sources. Thanks to the proposed scheme, an alert is sent to the system administrator only if an attack threatens some real vulnerability of the protected hosts. Otherwise, as occurs in the large majority of cases, the alert is stored for subsequent offline analysis. The viability and efficacy of the proposed solution are demonstrated through an operative prototype that has been tested in networks subject to realistic attacks.
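The selection rule the abstract describes, as an added example that is not code from the paper or its prototype: an alert is forwarded only when it targets a protected host, hits a service that host actually exposes and references a vulnerability that host is known to have; everything else is queued for offline analysis. The host inventory, alert fields and `VULN-*` identifiers are constructed stand-ins for the heterogeneous data sources the paper correlates.

```python
# Added example (not from the paper): correlate NIDS alerts with host data so
# that only alerts threatening a real vulnerability reach the administrator.
# Inventory, alert fields and VULN-* identifiers below are constructed.
from dataclasses import dataclass


@dataclass
class Alert:
    dst_ip: str
    dst_port: int
    proto: str
    vuln_refs: frozenset  # vulnerability ids the matching NIDS signature refers to


@dataclass
class Host:
    ip: str
    services: dict        # (proto, port) -> service name, from the asset inventory
    vulns: frozenset      # vulnerability ids known to affect this host


def is_relevant(alert: Alert, inventory: dict) -> bool:
    """True only if the alert hits a protected host, on a listening service,
    with a signature tied to a vulnerability that host actually has."""
    host = inventory.get(alert.dst_ip)
    if host is None:                                   # not a protected host
        return False
    if (alert.proto, alert.dst_port) not in host.services:  # nothing listening there
        return False
    return bool(alert.vuln_refs & host.vulns)          # real vulnerability threatened?


def triage(alerts, inventory):
    """Split alerts into those forwarded now and those stored for offline analysis."""
    forwarded, stored = [], []
    for a in alerts:
        (forwarded if is_relevant(a, inventory) else stored).append(a)
    return forwarded, stored


# Constructed sample data: two protected hosts and five alerts.
INVENTORY = {
    "10.0.0.5": Host("10.0.0.5", {("tcp", 80): "httpd", ("tcp", 22): "sshd"},
                     frozenset({"VULN-WEB-001"})),
    "10.0.0.7": Host("10.0.0.7", {("tcp", 443): "httpd"}, frozenset()),
}
ALERTS = [
    Alert("10.0.0.5", 80, "tcp", frozenset({"VULN-WEB-001"})),   # real vuln -> forward
    Alert("10.0.0.5", 80, "tcp", frozenset({"VULN-WEB-002"})),   # host lacks it -> store
    Alert("10.0.0.5", 445, "tcp", frozenset({"VULN-SMB-001"})),  # no such service -> store
    Alert("10.0.0.7", 443, "tcp", frozenset({"VULN-WEB-001"})),  # host not vulnerable -> store
    Alert("10.0.0.9", 80, "tcp", frozenset({"VULN-WEB-001"})),   # unprotected host -> store
]


def run_demo():
    forwarded, stored = triage(ALERTS, INVENTORY)
    return len(forwarded), len(stored)  # (1, 4)
```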
|Publication date:||2008|
|Title:||Selective alerts for run-time protection of distributed systems|
|Author(s):||Colajanni, Michele; Gozzi, Daniele; Marchetti, Mirco|
|Conference name:||Data Mining 2008|
|Conference location:||Cadiz, Spain|
|Conference date:||26 - 28 May 2008|
|Citation:||Selective alerts for run-time protection of distributed systems / Colajanni, Michele; Gozzi, Daniele; Marchetti, Mirco. - PRINT. - (2008), pp. N/A-N/A. ((Paper presented at the conference Data Mining 2008, held in Cadiz, Spain, 26 - 28 May 2008.|
|Type||Conference proceedings paper|
Documents in Iris Unimore are released under the Creative Commons Attribution - NonCommercial - NoDerivatives 3.0 Italy license, unless otherwise indicated.