http://dx.doi.org/10.13089/JKIISC.2002.12.4.29

An Aggregate Detection Method for Improved Sensitivity using Correlation of Heterogeneous Intrusion Detection Sensors  

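김용민 (Department of Computer Science and Statistics, Graduate School, Chonnam National University)
김민수 (Interdisciplinary Program of Information Security, Chonnam National University)
김홍근 (Korea Information Security Agency)
노봉남 (Division of Computer and Information Science, Chonnam National University)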
Abstract
In general, intrusion detection based on anomalous behavior has a high false alarm rate, which includes both false positives and false negatives. To increase the sensitivity of intrusion detection, we propose an aggregate detection method that reduces the false alarm rate by using the correlation between misuse detection sensors and anomaly detection sensors. For each normal behavior and each anomalous one, we compute off-line the reflection rate between the result from one sensor and the result from another. We then apply this rate to the results of real-time detection to reduce the false alarm rate.
Keywords
IDS; detection sensor; aggregate detection; correlation
Citations & Related Records
Times Cited By KSCI: 1