Network Intrusion Detection Systems (NIDS) are popular components for the fast detection of network attacks and intrusions, but their efficacy is limited by the high number of false alarms that affect them. As a consequence, system administrators, who have to manually manage an overwhelming number of intrusion alerts, tend to decrease the alarm threshold or even to deactivate most NIDS functions. Attackers frequently exploit these weaknesses to avoid or delay attack detection. To improve the efficacy of attack detection and reduce the number of false positives, the paper proposes a novel scheme for runtime alert management.
- Format: PDF
- Size: 366 KB