Alert fusion for a computer host based intrusion detection system

Feng Chuan, Peng Jianfeng, Qiao Haiyan, Jerzy W Rozenblit

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

10 Citations (Scopus)

Abstract

Intrusions impose tremendous threats to today's computer hosts. Intrusions that exploit security breaches to achieve unauthorized access to, or misuse of, critical information can have catastrophic consequences. To protect computer hosts from the increasing threat of intrusion, various kinds of Intrusion Detection Systems (IDSs) have been developed. The main disadvantages of current IDSs are a high false detection rate and the lack of post-intrusion decision support capability. To minimize these drawbacks, we propose an event-driven intrusion detection architecture which integrates Subject-Verb-Object (SVO) multi-point monitors and an impact analysis engine. Alert fusion and verification models are implemented to provide more reasonable intrusion information from incomplete, inconsistent or imprecise alerts acquired by SVO monitors. The DEVS formalism is used to describe the model-based design approach. Finally, we use the DEVS-JAVA simulation tool to show the feasibility of the proposed system.

Original language: English (US)
Title of host publication: Proceedings of the International Symposium and Workshop on Engineering of Computer Based Systems
Pages: 433-440
Number of pages: 8
DOIs: 10.1109/ECBS.2007.17
State: Published - 2007
Event: 14th Annual IEEE International Conference and Workshops on the Engineering of Computer-Based Systems, ECBS 2007 - Tucson, AZ, United States
Duration: Mar 26 2007 - Mar 29 2007

Other

Other: 14th Annual IEEE International Conference and Workshops on the Engineering of Computer-Based Systems, ECBS 2007
Country: United States
City: Tucson, AZ
Period: 3/26/07 - 3/29/07

ASJC Scopus subject areas

  • Hardware and Architecture
  • Software

Cite this

Chuan, F., Jianfeng, P., Haiyan, Q., & Rozenblit, J. W. (2007). Alert fusion for a computer host based intrusion detection system. In Proceedings of the International Symposium and Workshop on Engineering of Computer Based Systems (pp. 433-440). [4148960] https://doi.org/10.1109/ECBS.2007.17

@inproceedings{a6bdac68801146d299b6f84bc3f18d3e,
title = "Alert fusion for a computer host based intrusion detection system",
abstract = "Intrusions impose tremendous threats to today's computer hosts. Intrusions using security breaches to achieve unauthorized access or misuse of critical information can have catastrophic consequences. To protect computer hosts from the increasing threat of intrusion, various kinds of Intrusion Detection Systems (IDSs) have been developed. The main disadvantages of current IDSs are a high false detection rate and the lack of post-intrusion decision support capability. To minimize these drawbacks, we propose an event-driven intrusion detection architecture which integrates Subject-Verb-Object (SVO) multi-point monitors and an impact analysis engine. Alert fusion and verification models are implemented to provide more reasonable intrusion information from incomplete, inconsistent or imprecise alerts acquired by SVO monitors. DEVS formalism is used to describe the model based design approach. Finally we use the DEVS-JAVA simulation tool to show the feasibility of the proposed system.",
author = "Feng Chuan and Peng Jianfeng and Qiao Haiyan and Rozenblit, {Jerzy W}",
year = "2007",
doi = "10.1109/ECBS.2007.17",
language = "English (US)",
isbn = "0769527728",
pages = "433--440",
booktitle = "Proceedings of the International Symposium and Workshop on Engineering of Computer Based Systems",
}

TY - GEN

T1 - Alert fusion for a computer host based intrusion detection system

AU - Chuan, Feng

AU - Jianfeng, Peng

AU - Haiyan, Qiao

AU - Rozenblit, Jerzy W

PY - 2007

Y1 - 2007

UR - http://www.scopus.com/inward/record.url?scp=34250188502&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=34250188502&partnerID=8YFLogxK

U2 - 10.1109/ECBS.2007.17

DO - 10.1109/ECBS.2007.17

M3 - Conference contribution

AN - SCOPUS:34250188502

SN - 0769527728

SN - 9780769527727

SP - 433

EP - 440

BT - Proceedings of the International Symposium and Workshop on Engineering of Computer Based Systems

ER -