Extending intrusion alert quality framework (IAQF) with new data quality parameters
Date
2008-06
Authors
Aik Kian, Eng
Abstract
The Intrusion Alert Quality Framework (IAQF) is a framework designed to enhance and
enrich IDS alerts with data quality information. Its main purpose is to assist network and security
engineers in making effective and efficient decisions about the security status of a particular
host. IAQF enriches the alerts generated by an IDS/IPS with data quality scores (alive-correctness, OS-correctness,
service-correctness, etc.), which are used to quantify an overall alert score. The current
IAQF data quality parameters are very limited and detect only a small number of attacks, so
other malicious events may escape IAQF data quality verification. This thesis proposes an
improvement to the existing IAQF by adding further data quality parameters (rules,
weights and formulas) to address malicious events such as viruses, worms, backdoors and
spyware. The extended IAQF was tested in three case studies and identified 8% to
10% additional malicious alerts compared to the existing IAQF. The conclusion drawn from
this research is that adding more data quality parameters to IAQF improves the identification
of false alerts.
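As an added illustration of the idea described in the abstract (this is example code written for this page, not the thesis's own implementation, and the weights, the weighted-sum formula, the host inventory and the alerts are all constructed assumptions), the following Python scores an IDS alert against an asset inventory using alive-, OS- and service-correctness checks, and shows how a further parameter can be registered with its own rule and weight in the same way the thesis extends IAQF:

```python
"""Alert-quality scoring in the spirit of IAQF (illustrative, not the thesis's rules).

Each alert is checked against an asset inventory: is the target host alive,
does the OS the signature applies to match the host's real OS, and is the
attacked service actually listening on the targeted port?  Each check returns
a correctness score in [0, 1]; the scores are combined by a weighted sum.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

# Constructed inventory of hypothetical hosts (assumption, not real data).
INVENTORY: Dict[str, dict] = {
    "10.0.0.5": {"alive": True, "os": "windows", "services": {80: "http", 445: "smb"}},
    "10.0.0.9": {"alive": True, "os": "linux", "services": {22: "ssh", 80: "http"}},
    "10.0.0.42": {"alive": False, "os": None, "services": {}},
}


@dataclass
class Alert:
    signature: str
    dst_ip: str
    dst_port: int
    target_os: Optional[str]       # OS the signature applies to; None if OS-agnostic
    target_service: Optional[str]  # service the signature targets; None if unknown


def alive_correctness(alert: Alert, inv: dict) -> float:
    host = inv.get(alert.dst_ip)
    return 1.0 if host and host["alive"] else 0.0


def os_correctness(alert: Alert, inv: dict) -> float:
    host = inv.get(alert.dst_ip)
    if not host or not host["alive"]:
        return 0.0
    if alert.target_os is None:
        return 1.0  # an OS-agnostic signature cannot be contradicted by the inventory
    return 1.0 if host["os"] == alert.target_os else 0.0


def service_correctness(alert: Alert, inv: dict) -> float:
    host = inv.get(alert.dst_ip)
    if not host or not host["alive"]:
        return 0.0
    running = host["services"].get(alert.dst_port)
    if running is None:
        return 0.0  # nothing listens on the attacked port
    if alert.target_service is None:
        return 0.5  # something listens, but we cannot confirm it is the targeted service
    return 1.0 if running == alert.target_service else 0.0


# Parameter registry: name -> (rule, weight).  Weights are assumptions chosen
# so that they sum to 1.0; the thesis's own weights and formula are not used here.
PARAMETERS: Dict[str, Tuple[Callable[[Alert, dict], float], float]] = {
    "alive": (alive_correctness, 0.4),
    "os": (os_correctness, 0.3),
    "service": (service_correctness, 0.3),
}


def score_alert(alert: Alert, inv: dict = INVENTORY,
                params: Dict[str, Tuple[Callable, float]] = PARAMETERS) -> Tuple[float, Dict[str, float]]:
    """Return (weighted score rounded to 3 decimals, per-parameter scores)."""
    scores = {name: rule(alert, inv) for name, (rule, _) in params.items()}
    total = sum(params[name][1] * value for name, value in scores.items())
    return round(total, 3), scores


def classify(score: float, threshold: float = 0.7) -> str:
    """Assumed decision rule: below the threshold the alert is treated as likely false."""
    return "likely true positive" if score >= threshold else "likely false alert"


def with_extra_parameter(rule: Callable[[Alert, dict], float], name: str,
                         weight: float) -> Dict[str, Tuple[Callable, float]]:
    """Register a new parameter and renormalise all weights so they still sum to 1.0."""
    extended = dict(PARAMETERS)
    extended[name] = (rule, weight)
    total_w = sum(w for _, w in extended.values())
    return {n: (r, w / total_w) for n, (r, w) in extended.items()}


if __name__ == "__main__":
    # Constructed alerts (assumption); the signature names are generic labels.
    for a in (Alert("SMB exploit attempt", "10.0.0.5", 445, "windows", "smb"),
              Alert("SSH brute force", "10.0.0.5", 22, "linux", "ssh"),
              Alert("HTTP scanner", "10.0.0.42", 80, None, None)):
        s, parts = score_alert(a)
        print(f"{a.signature:22} {a.dst_ip:10} score={s} {classify(s)} {parts}")
```

The scoring here is a plain weighted sum so that each parameter's contribution is visible; adding a parameter is a matter of writing one rule function and a weight, which is the kind of extension the thesis describes (its rules for virus, worm, backdoor and spyware events are not reproduced here).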
Keywords
Alert quality framework (IAQF), Data quality parameters