Alert Prioritization in Intrusion Detection Systems

Executive Summary

Intrusion Detection Systems (IDSs) are designed to monitor user and/or network activity and generate alerts whenever abnormal activities are detected. The number of these alerts can be very large, making the workload difficult for security analysts to manage. Furthermore, IDS alert management techniques such as clustering and correlation suffer from including unrelated alerts in their processing and consequently produce imprecise results. In this paper, the authors propose a fuzzy-logic-based technique for scoring and prioritizing alerts generated by an IDS. In addition, they present an alert rescoring technique that further reduces the number of alerts.

  • Format: PDF
  • Size: 331.82 KB