A collaborative architecture for intrusion detection systems with intelligent agents and knowledge-based alert evaluation

6 Author(s)
Jinqiao Yu ; Lane Dept. of Comput. Sci. & Electr. Eng., West Virginia Univ., Morgantown, WV, USA ; Y. V. R. Reddy ; S. Selliah ; S. Kankanahalli

Current reactive, standalone network security products cannot withstand the proliferation of diversified network threats. As a result, a security paradigm is emerging in which integrated security devices or systems collaborate closely to achieve enhanced protection and provide multilayer defenses. We present a collaborative architecture design that lets multiple intrusion detection systems work together to detect network intrusions in real time. The architecture is composed of three parts: collaborative alert aggregation, knowledge-based alert evaluation, and alert correlation. It aims to reduce alert overload by correlating alerts from multiple sensors to generate condensed views, to reduce false positives by integrating network and host system information, and to correlate events based on logical relations to generate a global, synthesized alert report. The first two parts of the architecture have been implemented, and the implementation results are presented in this paper.

Published in:

Computer Supported Cooperative Work in Design, 2004. Proceedings. The 8th International Conference on (Volume: 2)

Date of Conference:

26-28 May 2004