In response to attack against corporative and enterprise networks, administrators deploy intrusion detection systems, monitors, vulnerability scans and log systems. These systems monitor and record host and network device activities searching for signs of anomalies and security incidents. Doing that, these systems generally produce a huge number of alerts that overwhelms security analysts. This paper proposes the application of a conceptual clustering technique for filtering alerts and shows the results obtained for seven months of security alerts generated in a real large scale SaaS Cloud system. The technique has been useful to support manual analysis activities conducted by the operations team of the reference Cloud system.
An experiment with conceptual clustering for the analysis of security alerts / A., Paudice; S., Sarkar; Cotroneo, Domenico. - (2014), pp. 335-340. (Intervento presentato al convegno IEEE 25th International Symposium on Software Reliability Engineering Workshops tenutosi a Naples nel 2014) [10.1109/ISSREW.2014.82].
An experiment with conceptual clustering for the analysis of security alerts
COTRONEO, DOMENICO
2014
Abstract
In response to attack against corporative and enterprise networks, administrators deploy intrusion detection systems, monitors, vulnerability scans and log systems. These systems monitor and record host and network device activities searching for signs of anomalies and security incidents. Doing that, these systems generally produce a huge number of alerts that overwhelms security analysts. This paper proposes the application of a conceptual clustering technique for filtering alerts and shows the results obtained for seven months of security alerts generated in a real large scale SaaS Cloud system. The technique has been useful to support manual analysis activities conducted by the operations team of the reference Cloud system.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
