Presenting a New Method to Classify Alerts Received from Intrusion Detection Systems

  •  Farshid Pourabbas    
  •  Adem Karahoca    


With the growth of the internet networks today, security of data exchange is considered as an important task. Therefore, the use of security tools is increasing day by day. Intrusion detection systems are among these tools. They are only able to labela message received from a network as‘alert’,but they are unable to describe system status. Some methods have been developed to solve the above problem through correlating the alerts received from intrusion detection systems. By correlating the interrelated alerts, the methods would be able to describe system status. One of the steps of correlation methods of alerts is to classify them. System status can be described better when classification is performed efficiently. Here, we present a method for classifying alerts.

This work is licensed under a Creative Commons Attribution 4.0 License.