dc.contributor.author: Klüft, Sebastian
dc.contributor.author: Staaf, Eva Lina
dc.date.accessioned: 2012-02-28T13:59:30Z
dc.date.available: 2012-02-28T13:59:30Z
dc.date.issued: 2012-02-28
dc.identifier.uri: http://hdl.handle.net/2077/28856
dc.description.abstract: Intrusion detection systems (IDSs) are important tools that help network and system administrators detect intrusions, but they have the drawback of producing many false positives. Due to increasing bandwidth, an IDS must process a vast amount of data, which results in an ever-increasing number of alarms. For a system administrator to be able to handle the alarms, they must be aggregated, correlated and ordered into a manageable form and presented in a way that is easy to overview. In this thesis we study aggregation, correlation, filtering and ranking as methods for managing alarms from IDSs. We have implemented a ranking functionality in the graphical user interface Snorby, a front end to the open source IDS Snort. Each alarm starts with a basic rank of 0, and the user is able to prioritize or deprioritize the alarm by pressing either a '+' button or a '-' button, thus influencing its current rank. The rank is calculated from several features, i.e. source IP, destination IP, destination port and alarm signature. Based on our studies we suggest that ranking systems supported by user votes have several advantages. First, they allow the user to dynamically change the way the IDS lists the alarms through a very simple means. Second, they shorten the time required to locate the more important alarms, thus reducing the likelihood that a serious attack will be missed.
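The abstract describes the vote-driven ranking only in outline: every alarm starts at rank 0, a '+' or '-' vote moves it, and the rank is derived from the alarm's source IP, destination IP, destination port and signature. The following Ruby sketch is an added example written for this record; it is not code from the thesis or from Snorby. It assumes one concrete reading of that description: a vote adds +1 or -1 to the tally of each of the voted alarm's four feature values, and an alarm's rank is the sum of the tallies of its own feature values. Under that assumption a vote on one alarm also raises or lowers every other alarm that shares features with it, including alarms that arrive later, which is the mechanism by which user votes shorten the time needed to find the important alarms. The alarm records are constructed sample data, not Snort output.

```ruby
# Added example: feature-based, vote-driven alarm ranking.
# Assumption (not stated in the abstract): rank(alarm) = sum over the four
# features of the vote tally for that feature's value.

FEATURES = %i[src_ip dst_ip dst_port sig].freeze

# Constructed sample alarms; field names mimic what an IDS front end stores.
ALARMS = [
  { id: 1, src_ip: "10.0.0.5",   dst_ip: "192.168.1.10", dst_port: 22, sig: "SSH brute force" },
  { id: 2, src_ip: "10.0.0.5",   dst_ip: "192.168.1.20", dst_port: 80, sig: "Web scan" },
  { id: 3, src_ip: "10.0.0.9",   dst_ip: "192.168.1.10", dst_port: 22, sig: "SSH brute force" },
  { id: 4, src_ip: "172.16.3.3", dst_ip: "192.168.1.30", dst_port: 53, sig: "DNS ANY query" },
].freeze

class AlarmRanker
  def initialize(alarms)
    @alarms = alarms
    # Tally per (feature, value) pair, e.g. [:src_ip, "10.0.0.5"] => 2.
    # Hash.new(0) makes every unseen pair start at 0, so new alarms rank 0.
    @tally = Hash.new(0)
  end

  # A '+' vote (:up) or '-' vote (:down) on one alarm adjusts the tally of
  # each of that alarm's feature values by +1 or -1.
  def vote(alarm_id, direction)
    alarm = @alarms.find { |a| a[:id] == alarm_id }
    raise ArgumentError, "unknown alarm #{alarm_id}" unless alarm
    raise ArgumentError, "direction must be :up or :down" unless %i[up down].include?(direction)

    delta = direction == :up ? 1 : -1
    FEATURES.each { |f| @tally[[f, alarm[f]]] += delta }
  end

  # Rank of any alarm hash, including one never voted on: it inherits the
  # tallies of whatever feature values it shares with voted alarms.
  def rank(alarm)
    FEATURES.sum { |f| @tally[[f, alarm[f]]] }
  end

  # Highest rank first; ties broken by id so the order is deterministic.
  def ranked
    @alarms.sort_by { |a| [-rank(a), a[:id]] }
  end
end

if __FILE__ == $PROGRAM_NAME
  ranker = AlarmRanker.new(ALARMS)
  ranker.vote(1, :up)    # operator marks the SSH brute force from 10.0.0.5 as important
  ranker.vote(4, :down)  # and the DNS ANY query as noise
  ranker.ranked.each { |a| puts "rank #{ranker.rank(a).to_s.rjust(2)}  alarm #{a[:id]}  #{a[:sig]}" }
end
```

After the single up-vote on alarm 1, alarm 3 rises to rank 3 because it shares the destination IP, destination port and signature, and alarm 2 rises to rank 1 through the shared source IP; a fresh alarm with all four of alarm 1's feature values would rank 4 on arrival without anyone voting on it. The down-vote on alarm 4 pushes it and anything resembling it to the bottom of the list.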
dc.language.iso: eng
dc.subject: intrusion detection, IDS, correlation, fusion, aggregation, filtering, ranking, alarm management
dc.title: Alarm management for intrusion detection systems - Prioritizing and presenting alarms from intrusion detection systems
dc.type: text
dc.setspec.uppsok: Technology
dc.type.uppsok: H2
dc.contributor.department [swe]: Göteborgs universitet/Institutionen för data- och informationsteknik
dc.contributor.department [eng]: University of Gothenburg/Department of Computer Science and Engineering
dc.type.degree: Student essay