Asynchronous Alert Correlation in Multi-agent Intrusion Detection Systems

2005 ◽  
pp. 366-379 ◽  
Author(s):  
Vladimir Gorodetsky ◽  
Oleg Karsaev ◽  
Vladimir Samoilov ◽  
Alexander Ulanov
Keyword(s):  
Intrusion Detection ◽  
Intrusion Detection Systems ◽  
Alert Correlation ◽  
Detection Systems ◽  
Multi Agent

Intrusion Detection of Cyber-Physical Attacks in Manufacturing Systems: A Review

2019 ◽  
Author(s):  
Mingtao Wu ◽  
Young B. Moon
Keyword(s):  
Intrusion Detection ◽  
Manufacturing Systems ◽  
High Volume ◽  
Cyber Attacks ◽  
Intrusion Detection Systems ◽  
Detection Methods ◽  
False Alarms ◽  
Alert Correlation ◽  
Acoustic Image ◽  
Detection Systems

Abstract Cyber-physical manufacturing system is the vision of future manufacturing systems where physical components are fully integrated through various networks and the Internet. The integration enables the access to computation resources that can improve efficiency, sustainability and cost-effectiveness. However, its openness and connectivity also enlarge the attack surface for cyber-attacks and cyber-physical attacks. A critical challenge in defending those attacks is that current intrusion detection methods cannot timely detect cyber-physical attacks. Studies showed that the physical detection provides a higher accuracy and a shorter respond time compared to network-based or host-based intrusion detection systems. Moreover, alert correlation and management methods help reducing the number of alerts and identifying the root cause of the attack. In this paper, the intrusion detection research relevant to cyber-physical manufacturing security is reviewed. The physical detection methods — using side-channel data, including acoustic, image, acceleration, and power consumption data to disclose attacks during the manufacturing process — are analyzed. Finally, the alert correlation methods — that manage the high volume of alerts generated from intrusion detection systems via logical relationships to reduce the data redundancy and false alarms — are reviewed. The study show that the cyber-physical attacks are existing and rising concerns in industry. Also, the increasing efforts in cyber-physical intrusion detection and correlation research can be utilized to secure the future manufacturing systems.

scholarly journals A Survey on Multi-Agent Based Collaborative Intrusion Detection Systems

2021 ◽  
Vol 11 (2) ◽  
pp. 111-142
Author(s):  
Nassima Bougueroua ◽  
Smaine Mazouzi ◽  
Mohamed Belaoued ◽  
Noureddine Seddari ◽  
Abdelouahid Derhab ◽  
...  
Keyword(s):  
Intrusion Detection ◽  
Cyber Security ◽  
Intrusion Detection Systems ◽  
Multi Agent Systems ◽  
Research Issues ◽  
Detection Systems ◽  
Multi Agent ◽  
Collaborative Intrusion Detection ◽  
Complex Phenomena ◽  
General Architecture

Abstract Multi-Agent Systems (MAS) have been widely used in many areas like modeling and simulation of complex phenomena, and distributed problem solving. Likewise, MAS have been used in cyber-security, to build more efficient Intrusion Detection Systems (IDS), namely Collaborative Intrusion Detection Systems (CIDS). This work presents a taxonomy for classifying the methods used to design intrusion detection systems, and how such methods were used alongside with MAS in order to build IDS that are deployed in distributed environments, resulting in the emergence of CIDS. The proposed taxonomy, consists of three parts: 1) general architecture of CIDS, 2) the used agent technology, and 3) decision techniques, in which used technologies are presented. The proposed taxonomy reviews and classifies the most relevant works in this topic and highlights open research issues in view of recent and emerging threats. Thus, this work provides a good insight regarding past, current, and future solutions for CIDS, and helps both researchers and professionals design more effective solutions.

scholarly journals Multilevel Intrusion Alert Post-processing for the Elimination of False Positives

2021 ◽  
Vol 9 (8) ◽  
pp. 2458-2468
Author(s):  
Riyad AM
Keyword(s):  
Intrusion Detection ◽  
Detection System ◽  
False Positives ◽  
Intrusion Detection Systems ◽  
Post Processing ◽  
Alert Correlation ◽  
Detection Systems ◽  
Correlation Graph ◽  
Multi Level ◽  
Intrusion Alerts

Abstract: Intrusion detection systems are the last line of defence in the network security domain. Improving the performance of intrusion detection systems always increase false positives. This is a serious problem in the field of intrusion detection. In order to overcome this issue to a great extend, we propose a multi level post processing of intrusion alerts eliminating false positives produced by various intrusion detection systems in the network. For this purpose, the alerts are normalized first. Then, a preliminary alert filtration phase prioritize the alerts and removes irrelevant alerts. The higher priority alerts are then aggregated to fewer numbers of hyper alerts. In the final phase, alert correlation is done and alert correlation graph is constructed for finding the causal relationship among the alerts which further eliminates false positives. Experiments were conducted on LLDOS 1.0 dataset for verifying the approach and measuring the accuracy. Keywords: Intrusion detection system, alert prioritization, alert aggregation, alert correlation, LLDOS 1.0 dataset, alert correlation graph.

Sign in / Sign up

Export Citation Format

Share Document