Abstract
Intrusion detection systems produce alert sets of low quality. Many post-processing methods have been proposed to make alert sets more meaningful to security analysts. Such research has to deal with an important task: implementing the proposed methods and carrying out the required experiments. In this paper we propose a platform that can be used as a test-bed for conducting research on the post-processing of intrusion detection alerts. All the standard functionality is already implemented, so the user has to implement only the core logic of her method. Additionally, the platform offers important reuse and evaluation capabilities. Finally, we use the platform to implement a previous method of ours, in order to test its usefulness.
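The division of labour the abstract describes (the test-bed handles alert ingestion, method execution and evaluation, the researcher supplies only a method) can be illustrated with a small harness. The following is an added example written for this page; it is not the authors' platform or code. The alert format, the two sample post-processing methods (a burst aggregator and a signature-level false-positive filter), the evaluation metrics and the sample alerts are all constructed for the illustration.

```python
"""Minimal alert post-processing test-bed (illustrative; not the paper's platform)."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Alert:
    ts: float          # seconds since start of the capture
    src: str
    dst: str
    sig: str           # IDS signature name
    true_positive: bool  # analyst ground truth: True = real attack, False = noise


# Constructed sample data in a simplified "ts,src,dst,signature,label" CSV format.
# Label 1 marks an alert confirmed as a real attack, 0 marks a false positive.
TRAIN_CSV = """\
0.0,10.0.0.2,10.0.0.9,WEB-MISC robots.txt access,0
5.0,10.0.0.3,10.0.0.9,WEB-MISC robots.txt access,0
9.0,10.0.0.4,10.0.0.9,WEB-MISC robots.txt access,1
12.0,10.0.0.6,10.0.0.9,SCAN nmap TCP,1
"""

TEST_CSV = """\
1.0,10.0.0.5,10.0.0.9,SCAN nmap TCP,1
1.5,10.0.0.5,10.0.0.9,SCAN nmap TCP,1
2.0,10.0.0.5,10.0.0.9,SCAN nmap TCP,1
30.0,10.0.0.7,10.0.0.9,WEB-MISC robots.txt access,0
31.0,10.0.0.7,10.0.0.9,WEB-MISC robots.txt access,0
90.0,10.0.0.8,10.0.0.9,WEB-MISC robots.txt access,0
100.0,10.0.0.5,10.0.0.9,SCAN nmap TCP,1
150.0,10.0.0.11,10.0.0.9,SQL injection attempt,1
"""


def parse_alerts(text: str) -> list[Alert]:
    """Standard functionality the test-bed provides: load and time-order alerts."""
    alerts = []
    for line in text.strip().splitlines():
        ts, src, dst, sig, label = line.split(",")
        alerts.append(Alert(float(ts), src, dst, sig, label == "1"))
    return sorted(alerts, key=lambda a: a.ts)


# A post-processing method is any callable mapping an alert list to the subset it keeps.
# This is the only part a researcher has to write for a new method.
Method = Callable[[list[Alert]], list[Alert]]


def keep_all(alerts: list[Alert]) -> list[Alert]:
    """Baseline: no post-processing."""
    return list(alerts)


def burst_aggregate(window: float) -> Method:
    """Keep one alert per (src, dst, sig) burst; a burst ends after `window` quiet seconds."""
    def method(alerts: list[Alert]) -> list[Alert]:
        last_kept: dict[tuple, float] = {}
        kept = []
        for a in alerts:
            key = (a.src, a.dst, a.sig)
            if key not in last_kept or a.ts - last_kept[key] > window:
                kept.append(a)
                last_kept[key] = a.ts
        return kept
    return method


def signature_filter(training: list[Alert], max_fp_rate: float) -> Method:
    """Drop alerts of signatures whose false-positive rate in labelled training data
    exceeds max_fp_rate. Signatures never seen in training are kept (conservative)."""
    fired: dict[str, int] = defaultdict(int)
    false: dict[str, int] = defaultdict(int)
    for a in training:
        fired[a.sig] += 1
        if not a.true_positive:
            false[a.sig] += 1
    noisy = {s for s in fired if false[s] / fired[s] > max_fp_rate}

    def method(alerts: list[Alert]) -> list[Alert]:
        return [a for a in alerts if a.sig not in noisy]
    return method


def evaluate(all_alerts: list[Alert], kept: list[Alert]) -> dict[str, float]:
    """Evaluation the test-bed provides. Precision counts kept alerts; recall is measured
    per true-positive incident (src, dst, sig), so collapsing a burst costs no recall."""
    tp_kept = sum(1 for a in kept if a.true_positive)
    incidents = {(a.src, a.dst, a.sig) for a in all_alerts if a.true_positive}
    covered = {(a.src, a.dst, a.sig) for a in kept if a.true_positive}
    return {
        "reduction": 1 - len(kept) / len(all_alerts),
        "precision": tp_kept / len(kept) if kept else 0.0,
        "incident_recall": len(covered) / len(incidents) if incidents else 1.0,
    }


def run_experiment(method: Method, test: list[Alert]) -> dict[str, float]:
    return evaluate(test, method(test))


if __name__ == "__main__":
    train, test = parse_alerts(TRAIN_CSV), parse_alerts(TEST_CSV)
    for name, m in [("keep_all", keep_all),
                    ("burst_aggregate(10s)", burst_aggregate(10.0)),
                    ("signature_filter(0.5)", signature_filter(train, 0.5))]:
        print(name, run_experiment(m, test))
```

A new method only needs to satisfy the `Method` signature; the loader, the experiment loop and the metrics are reused unchanged, which is the reuse-and-evaluation point the abstract makes. Two caveats a practitioner should carry over to a real test-bed: training and evaluation alerts must come from different captures (here they do), and metric definitions matter, since counting alerts rather than incidents would penalise aggregation for exactly the reduction it is meant to achieve.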
© 2014 Springer-Verlag Berlin Heidelberg
Spathoulas, G., Katsikas, S.K., Charoulis, A. (2014). A Test-Bed for Intrusion Detection Systems Results Post-processing. In: Katsikas, S., Agudo, I. (eds) Public Key Infrastructures, Services and Applications. EuroPKI 2013. Lecture Notes in Computer Science, vol 8341. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-53997-8_11
DOI: https://doi.org/10.1007/978-3-642-53997-8_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-53996-1
Online ISBN: 978-3-642-53997-8