Analyse intrusion detection system correlate alert using probability model.

Master's === 國防大學中正理工學院 === 資訊科學研究所 === 95 === An intrusion detection system (IDS) is one of the most important security protection systems. Although many research projects exist, we still face a serious problem: a high false positive rate, which makes it a difficult task for human experts to analyze so many a...


Bibliographic Details
Main Authors: Hsieh, Fu-Ting, 謝富庭
Other Authors: Jain-Shone Chung
Format: Others
Language: zh-TW
Published: 2007
Online Access: http://ndltd.ncl.edu.tw/handle/43295146935177775339
id ndltd-TW-094CCIT0394009
record_format oai_dc
spelling ndltd-TW-094CCIT0394009 2015-10-13T16:41:02Z http://ndltd.ncl.edu.tw/handle/43295146935177775339 Analyse intrusion detection system correlate alert using probability model. 機率模型分析入侵偵測系統關聯警示之研究 Hsieh, Fu-Ting 謝富庭 Master's 國防大學中正理工學院 資訊科學研究所 95 Jain-Shone Chung Tsung Li Wu 鍾健雄 吳宗禮 2007 thesis 68 zh-TW
collection NDLTD
sources NDLTD
description Master's === 國防大學中正理工學院 === 資訊科學研究所 === 95 === An intrusion detection system (IDS) is one of the most important security protection systems. Although many research projects exist, we still face a serious problem: a high false positive rate, which makes it difficult for human experts to analyze so many attack alerts. An IDS usually triggers a huge number of false alerts, which are reported to human experts for further investigation and analysis without being identified as false. With so many false alerts, it is inefficient for human experts to find the truly urgent alerts among the tremendous number of alerts. In this paper, we present a method to mitigate this problem. We analyzed alerts according to their attack correlation and calculated their Bayesian probability, which gave us a probabilistic model. We then built an analyzer derived from the probabilistic model. When the analyzer is running, it helps the administrator see easily and quickly which alerts are urgent. The analyzer also substantially lowers the administrator's burden and lets the administrator work more efficiently.