DSpace Repository

Constructing security reports by correlating alerts from IDS sensors


dc.contributor.author Le Phuc en_US
dc.date.accessioned 2015-01-12T10:40:33Z
dc.date.available 2015-01-12T10:40:33Z
dc.identifier.other AIT Thesis no. CS-06-09 en_US
dc.identifier.uri http://www.cs.ait.ac.th/xmlui/handle/123456789/336
dc.description Pathum Thani, Thailand : Asian Institute of Technology, 2006 en_US
dc.description 57 p. : ill. en_US
dc.description.abstract Intrusion Detection Systems (IDSs) have become an important component of network security infrastructure. Many current IDSs are capable of detecting nearly all of the suspicious activities that may be launched against the information system under surveillance. Unfortunately, because of the huge volume of alerts these IDSs produce, it is too laborious for system administrators (human users) to analyze the output data for intrusion information. Moreover, the elementary nature of these alerts makes it difficult to understand the attack scenarios behind them. There is therefore a need to process the output of IDS sensors before submitting it to system administrators. This thesis focuses on building a method for constructing high-level and succinct security reports by correlating raw alerts produced by IDS sensors. Many alert correlation proposals are currently available; the methodology of this thesis is based on the preconditions and postconditions of attacks. A system based on this framework is also implemented and produces two types of report: an attack graph and a table. To build an informative and consistent knowledge base, the thesis considers the use of an action language to model attack actions. An experiment running the system on the DARPA 2000 dataset is also discussed.
dc.relation.ispartof Thesis no. CS-06-09 en_US
dc.relation.ispartof Asian Institute of Technology. Thesis no. CS-06-09 en_US
dc.subject Computer security en_US
dc.subject Computers -- Access control en_US
dc.title Constructing security reports by correlating alerts from IDS sensors en_US
dc.type Thesis en_US
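The abstract describes correlating raw alerts through the preconditions and postconditions of attacks and reporting the result as an attack graph and a table. The following Python sketch, added here as an illustration and not the thesis's own implementation, shows the core of such a correlator over a constructed set of alerts: duplicate raw alerts are first merged, then an edge is drawn from an earlier alert to a later one whenever a postcondition established by the earlier alert matches a precondition of the later one. The alert types, predicate names, IP addresses and timestamps are all assumptions invented for the example; the multi-step scenario is only loosely modelled on a scan-exploit-install-DDoS progression and makes no claim about the actual DARPA 2000 traces.

```python
"""Precondition/postcondition alert correlation (illustrative, not the thesis code)."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass
class Alert:
    id: int
    ts: float       # seconds; constructed sample timestamps
    type: str
    src: str
    dst: str
    count: int = 1  # number of raw alerts merged into this hyper-alert


# Assumed knowledge base: alert type -> (preconditions, postconditions), written as
# predicate templates over the alert's own src/dst fields. Names are hypothetical.
KNOWLEDGE_BASE: Dict[str, Tuple[Set[str], Set[str]]] = {
    "ICMP_PING":      (set(),                         {"HostAlive({dst})"}),
    "SADMIND_PING":   ({"HostAlive({dst})"},          {"SadmindRunning({dst})"}),
    "SADMIND_BOF":    ({"SadmindRunning({dst})"},     {"RootAccess({dst})"}),
    "RSH_LOGIN":      ({"RootAccess({dst})"},         {"DDoSAgentInstalled({dst})"}),
    "MSTREAM_ZOMBIE": ({"DDoSAgentInstalled({src})"}, {"DDoSLaunched({src})"}),
}


def instantiate(templates: Set[str], a: Alert) -> Set[str]:
    """Bind the {src}/{dst} placeholders of predicate templates to one alert."""
    return {t.format(src=a.src, dst=a.dst) for t in templates}


def aggregate(alerts: List[Alert], window: float) -> List[Alert]:
    """Merge raw alerts with identical (type, src, dst) that arrive within
    `window` seconds of the first one into a single hyper-alert (volume reduction)."""
    merged: List[Alert] = []
    last: Dict[Tuple[str, str, str], Alert] = {}
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.type, a.src, a.dst)
        prev = last.get(key)
        if prev is not None and a.ts - prev.ts <= window:
            prev.count += 1
            continue
        h = Alert(a.id, a.ts, a.type, a.src, a.dst)
        merged.append(h)
        last[key] = h
    return merged


def correlate(alerts: List[Alert]) -> List[Tuple[int, int]]:
    """Build attack-graph edges (earlier_id, later_id): an edge exists when a fact
    established by the earlier alert's postconditions is a precondition of the later
    alert. Alerts whose preconditions were never established become graph roots."""
    established: Dict[str, List[int]] = {}   # fact -> ids of alerts that produced it
    edges: List[Tuple[int, int]] = []
    for a in sorted(alerts, key=lambda x: x.ts):
        pre, post = KNOWLEDGE_BASE.get(a.type, (set(), set()))  # unknown type: isolated
        for fact in sorted(instantiate(pre, a)):
            for earlier in established.get(fact, []):
                edges.append((earlier, a.id))
        for fact in instantiate(post, a):
            established.setdefault(fact, []).append(a.id)
    return edges


def attack_chains(alerts: List[Alert], edges: List[Tuple[int, int]]) -> List[List[int]]:
    """Walk the graph from every root to give one id chain per root-to-leaf path."""
    succ: Dict[int, List[int]] = {}
    has_pred: Set[int] = set()
    for u, v in edges:
        succ.setdefault(u, []).append(v)
        has_pred.add(v)
    chains: List[List[int]] = []

    def walk(node: int, path: List[int]) -> None:
        nxt = succ.get(node, [])
        if not nxt:
            chains.append(path)
        for n in nxt:
            walk(n, path + [n])

    for a in sorted(alerts, key=lambda x: x.ts):
        if a.id not in has_pred:
            walk(a.id, [a.id])
    return chains


def report_table(alerts: List[Alert], edges: List[Tuple[int, int]]):
    """Tabular report: one row per hyper-alert with the ids that prepared for it."""
    prepared_by: Dict[int, List[int]] = {}
    for u, v in edges:
        prepared_by.setdefault(v, []).append(u)
    return [(a.id, a.type, a.src, a.dst, a.count, prepared_by.get(a.id, []))
            for a in sorted(alerts, key=lambda x: x.ts)]


def sample_alerts() -> List[Alert]:
    """Constructed raw alerts: a five-step intrusion plus one unrelated scan."""
    atk, vic, tgt, noise = "10.0.0.9", "172.16.1.5", "192.168.7.7", "10.0.0.42"
    return [
        Alert(1, 0.0, "ICMP_PING", atk, vic),
        Alert(2, 1.0, "ICMP_PING", atk, vic),        # duplicate, merged by aggregate()
        Alert(3, 10.0, "SADMIND_PING", atk, vic),
        Alert(4, 20.0, "SADMIND_BOF", atk, vic),
        Alert(5, 30.0, "RSH_LOGIN", atk, vic),
        Alert(6, 40.0, "MSTREAM_ZOMBIE", vic, tgt),  # compromised host attacks a target
        Alert(7, 15.0, "HTTP_SCAN", noise, vic),     # type not in the KB: isolated node
    ]


if __name__ == "__main__":
    hyper = aggregate(sample_alerts(), window=5.0)
    graph = correlate(hyper)
    for row in report_table(hyper, graph):
        print(row)
    print("attack chains:", attack_chains(hyper, graph))
```

The example makes two practical points visible. First, a missed or unmodelled step (the `HTTP_SCAN` alert here, or a sensor that silently drops one stage) leaves an alert with no satisfied precondition, so it surfaces as its own root rather than being attached to the scenario; a reviewer of the report should treat such roots as candidates for a gap in either detection or the knowledge base. Second, the quality of the graph depends entirely on the pre/postcondition templates being mutually consistent, which is what motivates the thesis's use of an action language for the knowledge base; this toy hard-codes the templates and performs no such consistency check.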

