A correlative context-based framework for network intrusion detection system

Authors: Ye Wang, Dept. of Comput. Sci., Old Dominion Univ., Norfolk, VA, USA; H. Abdel-Wahab

The intrusion detection system (IDS) is one of the most important security protection mechanisms. Although many commercial IDS products and research projects exist, current systems still face a serious problem: a high false positive rate. We observe that current network IDSs don't make full use of the information available from different levels and points of the protected network, and we argue that the utilization of this information is essential. We introduce a new framework for network IDSs based on a network context awareness (NCA) layer as an additional data source for IDSs. We describe the architecture of NCA and methods for extracting network information into NCA. We present a correlation engine that works on alerts generated by a specific IDS (Snort) together with NCA information. Our experimental results using simulated attacks show that our proposed solution significantly reduces the false alarm rate and has the potential to greatly improve the efficacy of detecting novel attacks.

Published in: 10th IEEE Symposium on Computers and Communications (ISCC'05)

Date of Conference: 27-30 June 2005