A knowledge-based alert evaluation and security decision support framework

Cited by: 0
Authors
Yu, JQ [1 ]
Reddy, R [1 ]
Selliah, S [1 ]
Reddy, S [1 ]
Affiliation
[1] Illinois Wesleyan Univ, Dept Math & Comp Sci, Bloomington, IL 61701 USA
Keywords
IDS; vulnerability; alert management; security decision support; alert correlation
DOI
Not available
CLC classification
TP301 [Theory, methods]
Discipline code
081202
Abstract
This paper describes a generic architecture for intrusion alert management, analysis and security decision support. The architecture has four components: (1) an Alert Aggregator, (2) an Alert Evaluation and Security Decision Support component, (3) an Alert Correlator and (4) a Synthetic Alert Report Generator. The core of the architecture is the Alert Evaluation and Security Decision Support component, which provides a framework for knowledge-based alert evaluation and security decision support. The framework aims to reduce alert overload and false-positive alerts, to prioritize alerts and to provide real-time security decision support. It does so by integrating three kinds of knowledge into the alert evaluation process: asset information about the protected network and its hosts, the known requirements of the vulnerabilities that alerts refer to (so that an alert whose attack requirements the target host does not meet can be de-prioritized), and the specified security policies. The Alert Evaluation and Security Decision Support component and the Alert Aggregator have been implemented, and the implementation results are presented in the paper.
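The abstract names the three knowledge sources the evaluation component consults but does not show how an alert is scored against them. The following Python sketch is an added illustration of that step, not code from the paper or its implementation: each IDS alert is checked against an asset inventory, a table of per-signature attack requirements (OS, service, affected versions) and a site policy, and is then labelled and prioritized. Every host, signature name, version string, policy key and alert below is constructed for the example; the scoring rule (severity times asset criticality, with a policy floor) is an assumption, not the paper's.

```python
"""Knowledge-based IDS alert evaluation in the spirit of the abstract.

Added illustration, not the paper's implementation.  All hosts, signature
names, versions, policy keys and alerts are constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, Optional

@dataclass(frozen=True)
class Alert:
    alert_id: str
    signature: str      # signature name as reported by the IDS sensor
    src_ip: str
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Service:
    name: str
    version: str

@dataclass
class Host:
    os: str                       # OS family recorded in the asset inventory
    services: Dict[int, Service]  # open port -> service listening on it
    criticality: int              # asset value, 1 (low) .. 5 (high)

@dataclass(frozen=True)
class VulnRequirement:
    os: Optional[str]             # OS the attack needs, None = any
    service: Optional[str]        # service the attack needs, None = any
    versions: frozenset           # affected versions; empty = all versions
    base_severity: int            # impact if the attack succeeds, 1 .. 5

def _result(alert, verdict, priority, reason):
    return {"alert_id": alert.alert_id, "verdict": verdict,
            "priority": priority, "reason": reason}

def evaluate(alert, assets, kb, policy):
    """Classify one alert and assign a priority (higher = more urgent)."""
    # 1. Policy: hits from authorised scanners are expected noise.
    if alert.src_ip in policy.get("authorized_scanners", set()):
        return _result(alert, "suppressed", 0, "source is an authorised scanner")
    host, req = assets.get(alert.dst_ip), kb.get(alert.signature)
    # 2. Missing knowledge is not grounds for dismissal: keep the alert as unverified.
    if host is None:
        return _result(alert, "unknown_asset", req.base_severity if req else 3,
                       "target not in asset inventory")
    if req is None:
        return _result(alert, "unverified", host.criticality,
                       "no vulnerability knowledge for this signature")
    # 3. Vulnerability requirements versus what the target actually runs.
    if req.os is not None and req.os != host.os:
        return _result(alert, "irrelevant", 0, f"needs {req.os}, target runs {host.os}")
    if req.service is not None:
        svc = host.services.get(alert.dst_port)
        if svc is None:
            return _result(alert, "irrelevant", 0, f"port {alert.dst_port} not open on target")
        if svc.name != req.service:
            return _result(alert, "irrelevant", 0, f"needs {req.service}, port serves {svc.name}")
        if req.versions and svc.version not in req.versions:
            return _result(alert, "irrelevant", 0, f"{svc.name} {svc.version} is not affected")
    # 4. Relevant: weight attack impact by asset value; policy may raise the floor.
    priority = req.base_severity * host.criticality
    if alert.signature in policy.get("always_escalate", set()):
        return _result(alert, "policy_escalated", max(priority, policy.get("escalate_floor", 20)),
                       "policy requires escalation")
    return _result(alert, "relevant", priority, "target meets the vulnerability requirements")

def evaluate_all(alerts, assets, kb, policy):
    """Evaluate a batch and return it ordered by descending priority."""
    return sorted((evaluate(a, assets, kb, policy) for a in alerts),
                  key=lambda r: r["priority"], reverse=True)

# Constructed asset inventory (hypothetical hosts).
ASSETS = {
    "10.0.1.10": Host("Linux", {22: Service("ssh", "8.9"), 80: Service("httpd", "2.4.49")}, 5),
    "10.0.1.20": Host("Windows", {445: Service("smb", "3.1.1")}, 3),
}
# Constructed vulnerability-requirement knowledge (hypothetical signatures and versions).
KB = {
    "HTTPD-PATH-TRAVERSAL": VulnRequirement(None, "httpd", frozenset({"2.4.49", "2.4.50"}), 5),
    "IIS-UNICODE-TRAVERSAL": VulnRequirement("Windows", "http", frozenset(), 4),
    "SMB-REMOTE-EXEC": VulnRequirement("Windows", "smb", frozenset(), 5),
}
# Constructed security policy.
POLICY = {"authorized_scanners": {"10.0.0.5"}, "always_escalate": {"SMB-REMOTE-EXEC"},
          "escalate_floor": 20}
# Constructed alert stream, as it might leave the Alert Aggregator.
ALERTS = [
    Alert("a1", "HTTPD-PATH-TRAVERSAL", "203.0.113.7", "10.0.1.10", 80),   # real exposure
    Alert("a2", "IIS-UNICODE-TRAVERSAL", "203.0.113.7", "10.0.1.10", 80),  # wrong OS
    Alert("a3", "SMB-REMOTE-EXEC", "203.0.113.9", "10.0.1.20", 445),       # policy escalation
    Alert("a4", "HTTPD-PATH-TRAVERSAL", "10.0.0.5", "10.0.1.10", 80),      # authorised scanner
    Alert("a5", "HTTPD-PATH-TRAVERSAL", "203.0.113.7", "10.0.9.9", 80),    # unknown host
    Alert("a6", "NEW-UNMAPPED-SIG", "203.0.113.7", "10.0.1.10", 22),       # no vuln knowledge
    Alert("a7", "HTTPD-PATH-TRAVERSAL", "203.0.113.7", "10.0.1.20", 80),   # port not open
]

if __name__ == "__main__":
    for r in evaluate_all(ALERTS, ASSETS, KB, POLICY):
        print(f"{r['alert_id']} {r['verdict']:16} {r['priority']:3}  {r['reason']}")
```

Two design points matter in practice. First, the order of checks: policy suppression runs before any knowledge lookup, and gaps in knowledge (unknown host, unknown signature) produce an "unverified" verdict rather than a dismissal, because an evaluator that drops alerts it cannot explain turns inventory staleness into blind spots. Second, "irrelevant" only means the attack cannot succeed against the recorded state of the target; the reason string is kept so that a correlator or a report generator downstream can still count the attempt.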
Pages: 194-200
Page count: 7