Inderscience Publishers

Article Abstract

Title: An agent-based framework for intrusion detection alert verification and event correlation
  Author: Benjamin Uphoff, Johnny S. Wong
  Address: Los Alamos National Laboratory, Los Alamos, NM, USA; Department of Computer Science, Iowa State University, Ames, Iowa, USA
  Journal: International Journal of Security and Networks 2008 - Vol. 3, No. 3, pp. 193-200
  Abstract: In this paper, we present a framework design and implementation that provides a scalable solution for two important components of alert correlation: alert verification and event correlation. In our framework, a broker application maintains a database containing IDS alerts while software agents perform alert verification and event correlation of alert instances. Agents are designed to run on multiple hosts to ensure scalability of complex tasks. Agents communicate with the broker via web service architecture, making them easy to build and deploy in heterogeneous networks. Three IDSs are supported to show that the framework can be applied to differing IDS paradigms.
  Keywords: IDS; intrusion detection systems; alert correlation; alert verification; event correlation; software agents; web service; brokers; intrusion alert; agent-based systems; web service architecture; web services; network security.
  DOI: 10.1504/IJSN.2008.020093