
A Test-Bed for Intrusion Detection Systems Results Post-processing

  • Conference paper
Public Key Infrastructures, Services and Applications (EuroPKI 2013)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8341)

Abstract

Intrusion detection systems produce alert sets of low quality. Many post-processing methods have been proposed to make alert sets more meaningful to security analysts. Relevant research has to deal with an important task: implementing the proposed methods and carrying out the required experiments. In this paper we propose a platform which can be used as a test-bed for conducting research on the post-processing of intrusion detection alerts. All the standard functionality is already implemented, so the user has to implement only the core logic of her method. Additionally, the platform offers important reuse and evaluation capabilities. Finally, we use the platform to implement a previous method of ours, in order to test its usefulness.
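The division of labour the abstract describes, as an added illustration that is not the authors' platform or code: the platform side loads alerts, runs a method and scores its output against ground-truth labels, while a method implements only its core logic by overriding one function. The CSV layout, the signature ids and hosts in the sample, the window-based merge rule and the metrics reported by evaluate() are all assumptions made for this example.

```python
# Illustrative alert post-processing test-bed; an added example, not the
# platform from the paper. Constructed alerts are loaded, handed to a pluggable
# method that implements only its core logic, and scored against labels.
from dataclasses import dataclass, field

@dataclass
class Alert:
    ts: int              # seconds since an arbitrary epoch (constructed)
    sid: int             # signature id, as an IDS would report it
    src: str
    dst: str
    true_positive: bool  # ground-truth label shipped with the test data

@dataclass
class MetaAlert:         # one item shown to the analyst: a group of raw alerts
    sid: int
    src: str
    dst: str
    members: list = field(default_factory=list)

# Constructed sample: bursts of one scan signature from one host (false
# positives), a second signature that is a genuine hit, and a noisy neighbour.
SAMPLE = """\
ts,sid,src,dst,label
0,2001219,10.0.0.5,192.168.1.10,fp
20,2001219,10.0.0.5,192.168.1.10,fp
45,2001219,10.0.0.5,192.168.1.10,fp
50,2010937,10.0.0.7,192.168.1.20,tp
200,2001219,10.0.0.5,192.168.1.10,fp
210,2010937,10.0.0.7,192.168.1.20,tp
215,2010937,10.0.0.7,192.168.1.21,fp
"""

def load_alerts(text):
    """Platform side: parse the constructed CSV format above into Alert objects."""
    alerts = []
    for row in text.strip().splitlines()[1:]:
        ts, sid, src, dst, label = row.split(",")
        alerts.append(Alert(int(ts), int(sid), src, dst, label == "tp"))
    return alerts

class PostProcessor:
    """Plug-in contract: a method overrides process() and nothing else."""

    def process(self, alerts):
        raise NotImplementedError

def evaluate(meta_alerts, alerts):
    """Platform side: worklist reduction, how many output items still contain
    a real attack, and whether any raw alert was silently dropped (lost == 0)."""
    covered = sum(len(m.members) for m in meta_alerts)
    tp_groups = sum(1 for m in meta_alerts
                    if any(a.true_positive for a in m.members))
    n_in, n_out = len(alerts), len(meta_alerts)
    return {
        "input": n_in,
        "output": n_out,
        "reduction": 1 - n_out / n_in if n_in else 0.0,
        "tp_meta_alerts": tp_groups,
        "fp_meta_alerts": n_out - tp_groups,
        "lost": n_in - covered,
    }

def run(method, text=SAMPLE):
    """Platform entry point: load, process, evaluate."""
    alerts = load_alerts(text)
    return evaluate(method.process(alerts), alerts)

class Identity(PostProcessor):
    """Baseline method: every raw alert becomes its own meta-alert."""

    def process(self, alerts):
        return [MetaAlert(a.sid, a.src, a.dst, [a]) for a in alerts]

class WindowAggregator(PostProcessor):
    """Example method (assumed rule): merge alerts sharing (sid, src, dst) that
    arrive within `window` seconds of the previous member; a longer gap
    starts a new meta-alert. Only this core logic is method-specific."""

    def __init__(self, window=60):
        self.window = window

    def process(self, alerts):
        open_groups = {}  # (sid, src, dst) -> meta-alert still accepting members
        out = []
        for a in sorted(alerts, key=lambda x: x.ts):
            key = (a.sid, a.src, a.dst)
            g = open_groups.get(key)
            if g is not None and a.ts - g.members[-1].ts <= self.window:
                g.members.append(a)
            else:
                g = MetaAlert(a.sid, a.src, a.dst, [a])
                open_groups[key] = g
                out.append(g)
        return out

if __name__ == "__main__":
    for method in (Identity(), WindowAggregator(window=60)):
        print(type(method).__name__, run(method))
```

Because both methods are scored by the same evaluate() on the same labelled input, their results are directly comparable: on the sample, the window aggregator shrinks seven alerts to five meta-alerts while the two true positives remain visible, and the lost counter would expose a method that quietly discards alerts instead of grouping them.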




Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Spathoulas, G., Katsikas, S.K., Charoulis, A. (2014). A Test-Bed for Intrusion Detection Systems Results Post-processing. In: Katsikas, S., Agudo, I. (eds) Public Key Infrastructures, Services and Applications. EuroPKI 2013. Lecture Notes in Computer Science, vol 8341. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-53997-8_11


  • DOI: https://doi.org/10.1007/978-3-642-53997-8_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-53996-1

  • Online ISBN: 978-3-642-53997-8

