A Test-Bed for Intrusion Detection Systems Results Post-processing

Intrusion detection systems produce alert sets of low quality. Many post-processing methods have been proposed to make alert sets more meaningful to security analysts. Research in this area has to deal with an important task: implementing the proposed methods and carrying out the required experiments. In this paper we propose a platform that can be used as a test-bed for conducting research on the post-processing of intrusion detection alerts. All the standard functionality is already implemented for the user, so that she only has to implement the core logic of her method. Additionally, the platform offers important reuse and evaluation capabilities. Finally, we use the platform to implement a previous method of ours in order to test its usefulness.
