Abstract
We present a model and architecture that enhance an anomaly-based intrusion detection system (IDS) with threat-awareness capability. An anomaly-based network IDS profiles network traffic to arrive at a baseline, against which it identifies anomalous events. However, because the threat level of a network changes dynamically, only a subset of these identified events is relevant to the network at any given instant. Hence, we introduce the notion of Threat-Awareness for anomaly-based network IDS: the system periodically learns the changing threats in a network and enhances the capability of a traditional anomaly-based IDS to obtain network-specific useful alarms. In this paper, we present a Threat-Aware Anomaly-Based IDS model for obtaining network-specific useful alarms. We also present our architecture and discuss its internal functions. Finally, we present our experiments based on various threat scenarios; the results obtained prove the efficiency of our model.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
Cite this paper
Neelakantan, S., Rao, S. (2008). A Threat-Aware Anomaly-Based Intrusion-Detection Approach for Obtaining Network-Specific Useful Alarms. In: Garg, V., Wattenhofer, R., Kothapalli, K. (eds) Distributed Computing and Networking. ICDCN 2009. Lecture Notes in Computer Science, vol 5408. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-92295-7_21
DOI: https://doi.org/10.1007/978-3-540-92295-7_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-92294-0
Online ISBN: 978-3-540-92295-7
eBook Packages: Computer Science (R0)