Aggregating IDS Alerts Based on Time Threshold: Testing and Results

Authors

  • Homam Reda El-Taj, Fahad Bin Sultan University, P.O.Box 15700, Tabuk 71454, Kingdom of Saudi Arabia

DOI:

https://doi.org/10.24297/ijct.v11i2.1175

Keywords:

Network security, Intrusion Detection System, Redundant Alerts, Alert Aggregation, Alert Correlation

Abstract

Every secure system has the possibility to fail. Therefore, extra effort should be taken to protect these systems. Intrusion Detection Systems (IDSs) have been proposed with the aim of providing extra protection to security systems. These systems trigger thousands of alerts per day, which requires security analysts to verify each alert for relevance and severity based on an aggregation criterion. Several aggregation methods have been proposed to collect these alerts. This paper presents our threshold aggregation system (TAS). Results show that TAS aggregates IDS alerts accurately based on user demands and the threshold value.

Author Biography

Homam Reda El-Taj, Fahad Bin Sultan University, P.O.Box 15700, Tabuk 71454, Kingdom of Saudi Arabia

Assistant Professor, Computer Science Department

Published

2013-10-10

How to Cite

El-Taj, H. R. (2013). Aggregating IDS Alerts Based on Time Threshold: Testing and Results. International Journal of Computers & Technology, 11(2), 2216–2225. https://doi.org/10.24297/ijct.v11i2.1175

Section

Research Articles