Title page for etd-0110112-183807



URN etd-0110112-183807
Author Min-ying Tsai
Author's Email Address No Public.
Statistics This thesis had been viewed 5337 times. Download 271 times.
Department Information Management
Year 2011
Semester 1
Degree Master
Type of Document
Language zh-TW.Big5 Chinese
Title Multiple Sensor Anomaly Correlation
Date of Defense 2011-12-28
Page Count 45
Keyword
  • meta-log filtering
  • Alert correlation
Abstract An IDS (Intrusion Detection System) detects intrusions and generates alerts for the administrator. As the Internet becomes more popular, IDS products generate many alerts, and administrators spend much time analyzing them to understand the network situation. Many online services record service details in logs, and administrators likewise spend much time analyzing those logs. IDS suffer from several limitations: the sheer amount of alerts, the fact that most alerts are false positives, and the fact that certain attacks may not be detected by the IDS at all. To address these limitations, four alert correlation techniques are used: alert attribute similarity, predefined attack scenarios, multi-stage approaches, and verification to filter false positive alerts. A network attack consists of multiple steps, and each step may leave evidence in a log or be detected by the IDS. Service logs record both normal and abnormal behavior in detail, while IDS alerts record single attack steps. Alerts and logs are first merged into a meta-alert and a meta-log. Second, two features are used to filter the meta-log. Then the meta-alert and the filtered meta-log are correlated to produce a report for administrators.
Advisory Committee
  • D. J. Guan - chair
  • Hui-Tang Lin - co-chair
  • Han-Wei Hsiao - co-chair
  • Chia-Mei Chen - advisor
Files
  • etd-0110112-183807.pdf
  • Indicate in-campus access at 5 years and off-campus access at 5 years.
Date of Submission 2012-01-10
