AIT Asian Institute of Technology

Constructing security reports by correlating alerts from IDS sensors

Author: Le Phuc
Call Number: AIT Thesis no. CS-06-09
Subject(s): Computer security; Computers--Access control

Note: A thesis submitted in partial fulfillment of the requirements for the degree of Master of Engineering, School of Engineering and Technology
Publisher: Asian Institute of Technology
Series Statement: Thesis ; no. CS-06-09
Abstract: Intrusion Detection Systems (IDS) have become an important component of network security infrastructure. Currently, many IDSs are capable of detecting nearly all of the suspicious activities that may be launched against the information system under surveillance. Unfortunately, due to the huge volume of alerts produced by these IDSs, it is too complicated for system administrators (human users) to analyze the output data for intrusion information. Moreover, the elementary nature of these alerts makes it difficult to understand the attack scenarios. Therefore, there is a need to process the output data of IDS sensors before submitting it to system administrators. This thesis focuses on building a method of constructing high-level and succinct security reports by correlating raw alerts produced by IDS sensors. Although many proposals for alert correlation are currently available, the methodology of this thesis is based on the preconditions and postconditions of attacks. A system based on this framework is also implemented, which gives two types of report: attack graph and table. To build an informative and consistent knowledge base, this thesis considers the use of action language to model attack actions. The system experiment using the DARPA 2000 dataset is also discussed.
Year: 2006
Corresponding Series Added Entry: Asian Institute of Technology. Thesis ; no. CS-06-09
Type: Thesis
School: School of Engineering and Technology (SET)
Department: Department of Information and Communications Technologies (DICT)
Academic Program/FoS: Computer Science (CS)
Chairperson(s): Phan Minh Dung
Examination Committee(s): Janecek, Paul; Huynh Trung Luong
Degree: Thesis (M.Eng.) - Asian Institute of Technology, 2006

