JOURNAL OF SOFTWARE (JSW)
ISSN : 1796-217X
Volume : 3    Issue : 9    Date : December 2008

Towards a Collaborative and Systematic Approach to Alert Verification
Xuejiao Liu, Debao Xiao, and Xi Peng
Page(s): 77-84

Abstract
With the menace of hackers increasing every day, even well-administered networks are vulnerable
to attack. Therefore, securing network assets has become a significant issue for the corporate
world. Traditionally, the tools used for network security include firewall systems, intrusion
detection systems (IDS), anti-virus software, and vulnerability scanning software. None of the
above, used independently or in conjunction, is capable of withstanding the onslaught of various
network threats. To solve the problem, collaborative security paradigms, which integrate some
security devices closely to provide accurate alerts and attain enhanced protection, are emerging. In
this paper we present a collaborative framework of vulnerability-based alert verification. Along with
conducting systematic analyses on contextual information modeling, alert verification is applied
on top of intrusion detection to help determine whether the attack was successful or not.
Based on the confidence assigned in the process of verification, appropriate actions can be taken
to deal with the attacks. That confidence enables an administrator to perform further analysis:
identifying the alerts and prioritizing defense accordingly.

Index Terms
Vulnerability Analysis, Intrusion Detection, Alert Verification, Collaborative