You are here: silicon.com > Resources > White Papers > Security > Intrusion - Tampering > Network Security

Network Security White Papers

Distinguishing False From True Alerts in Snort by Data Mining Patterns of Alerts

Tags:
network security

Overview The Snort network intrusion detection system is well known for triggering large numbers of false alerts. In addition, it usually only warns of a potential attack without stating what kind of attack it might be. This paper presents a clustering approach for handling Snort alerts more effectively. Central to this approach is the representation of alerts using the Intrusion Detection Message Exchange Format, which is written in XML. All the alerts for each network session are assembled into a single XML document, thereby representing a pattern of alerts. A novel XML distance measure is proposed to obtain the distance between two such XML documents. A classical clustering algorithm, implemented based on this distance measure, is then applied to group the alert patterns into clusters.

Further White Paper Details
Publisher	Florida State University	File Format	PDF
Date Published	January 2006
Format	White Papers
Topics	Network Security, Security Tools, Intrusion Detection Systems

Did you find this white paper useful? 1 out of 3 users found this white paper useful

Balancing Security Against Productivity

Publisher:
Novell

Security: New strides in preventing intrusions.

Publisher:
IBM

Novell Zenworks Endpoint Security Management: Total Control from a Single Console

Publisher:
Novell

Secure Desktop On-Demand Webcast

Publisher:
Novell

Woods Services Gains Advanced Web Filtering Technology with Bloxx

Publisher:
Bloxx

Tags:
network security

'Auto bug' leaves Navigator wide open

Although intrusion detection software can identify the applet once it is known about, Hayday warned active code on the web will always pose a risk. The user does not need to open an attachment or start a program running to start the attack.

Channel:
Security Strategy

OS Wars: Unix vendors prepare to take on Windows XP

In the last 11 months Win2K has earned 1872 CERTS security alerts and Tru64 earned 80 advisories in five years," he said. Still, the most recent operating system, HP-UX 11i, includes support for Nokia's Wireless Access Protocol (WAP), intrusion...

Channel:
Comment & Analysis

Companies urged to patch Sendmail

Because the vulnerability is contained in an email message, it will bypass firewalls and many intrusion detection systems, said Dan Ingsvaldson, team leader for ISS's vulnerability research group. At present, no attack tool that could exploit the...

New security group gets real with the real world

The computer software and services company also said its partner Pinkerton had adopted as standard CA's eTrust audit, security policy management and intrusion detection software for its investigation and consulting services.

Broadband 'increases security risk fivefold'

UK ISP Star Internet, which commissioned the report, says it is vital for firms to install a firewall to manage the flow of data in and out of their network, an antivirus product that should ideally monitor emails and Web traffic, and intrusion...

2003 sees hackers rise to the task, says NAI chief

To date it has been about intrusion detection. However, the problem now is that with detection it's all very well detecting something but, with the speed of attack being talked about with these Warhol worms, the damage is done "before you've even...

Live Webcast: Telecoms 2.0 - Where is telecoms heading?

In this webcast, our panel of experts will review where we are with next generation telecoms in the UK, working through the concept of 'Telecoms 2.0': - Realising the potential of Next Generation Networks - why it isn't just about the technology? - What attributes should firms be looking for in their telco partner? - Is the relationship between telco provider and customer changing? - What things need to happen to make next generation services a reality? - You say you want the supplier to change. Do you want to change too? - What is Telecoms 2.0?

Publisher:
ZDNet UK

Telecom 2.0: Mind over matter

ntl:Telewest Business believes that the role of the telco is evolving. Gone are the days when it was enough to simply focus on circuits and minutes, customers now need a far higher degree of interaction and look for suppliers who will talk business solutions with them.

Publisher:
ntl:Telewest Business

IBM Information Server Change Data Capture

In today's fast-paced world, access to real-time data has never been more important. To be successful, organizations need to be able to report and analyze corporate data quickly and easily, regardless of what applications created the data, what platform they're running on, or what database they're stored in.

Publisher:
IBM

An examination of server consolidation: the trends that can drive efficiencies and help businesses gain a competitive edge

This white paper provides a starting point for organizations contemplating server consolidation. It includes an overview of server consolidation concepts and techniques and provides guidance on methodologies. It also looks at the potential cost savings associated with server consolidation and offers information on how organizations can sustain the advantage they have gained by consolidating their servers.

Publisher:
IBM

Also on silicon.com

Site Navigation:

Network Security White Papers

Distinguishing False From True Alerts in Snort by Data Mining Patterns of Alerts

Quick Sitemap Links:

About Us

Search

Blogs

Verticals

Advertising Features

CNET Networks in Europe

CNET Networks in the United States

CNET Networks in Asia Pacific