Authors
Luigi Coppolino, Luigi Romano, Salvatore D'Antonio, Massimo Esposito
Publication date
2009/6/24
Conference
2009 International Conference on Network and Service Security
Pages
1-5
Publisher
IEEE
Description
Intrusion detection systems (IDSs) are one of the most widely used technologies for computer security. Regrettably, current solutions are far from perfect, since they either produce a large number of false positives or they can only detect already known attacks. Correlation of information from diverse sources has been proven to be an effective approach for improving IDS performance, i.e. achieving high detection while reducing false positives. In this paper, we propose an IDS solution correlating attack symptoms from diverse information sources, which are collected at different architectural levels, and particularly the network, the DBMS, and the application level. We present an ontology-based approach to correlation, and describe how it can be implemented as a distributed, highly scalable system. The paper contains a thorough discussion of the key issues that we have addressed, and of the technological choices …
Total citations
[Chart: citations per year, 2009 to 2023]
Scholar articles
L Coppolino, L Romano, S D'Antonio, M Esposito - 2009 International Conference on Network and Service …, 2009