dc.contributor | Santos, Osmar Marchi dos | |
dc.contributor | http://lattes.cnpq.br/3867718775277531 | |
dc.contributor | Maziero, Carlos Alberto | |
dc.contributor | http://lattes.cnpq.br/5659788852261811 | |
dc.contributor | Legg, Andrei Piccinini | |
dc.contributor | http://lattes.cnpq.br/9873333807426188 | |
dc.creator | Ceolin Junior, Tarcisio | |
dc.date.accessioned | 2015-02-19 | |
dc.date.available | 2015-02-19 | |
dc.date.created | 2015-02-19 | |
dc.date.issued | 2014-02-28 | |
dc.identifier | CEOLIN JUNIOR, Tarcisio. ALERT CORRELATION IN AN INTERNET EARLY WARNING SYSTEM. 2014. 66 f. Dissertation (Master's in Computer Science) - Universidade Federal de Santa Maria, Santa Maria, 2014. | |
dc.identifier | http://repositorio.ufsm.br/handle/1/5439 | |
dc.description.abstract | Intrusion Detection Systems (IDS) are designed to monitor the computer network infrastructure
against possible attacks by generating security alerts. With the increase in components
connected to computer networks, traditional IDS are not capable of effectively detecting
malicious attacks. This occurs either because of the distributed amount of data that traverses the network
or because of the complexity of the attacks launched against the network. Therefore, the design of
Internet Early Warning Systems (IEWS) enables the early detection of threats in the network,
possibly avoiding eventual damage to the network resources. The IEWS works as a sink that
collects alerts from different sources (for example, from different IDS), centralizing and correlating
information in order to provide a holistic view of the network. Accordingly, this
dissertation describes an IEWS architecture for correlating alerts from (geographically) spread
out IDS using the Case-Based Reasoning (CBR) technique together with IP Georeferencing.
The results obtained during experiments, which were executed over the implementation of the
developed technique, showed the viability of the technique in reducing false positives. This
demonstrates the applicability of the proposal as the basis for developing advanced techniques
inside the extended IEWS architecture. | |
dc.publisher | Universidade Federal de Santa Maria | |
dc.publisher | BR | |
dc.publisher | Computer Science | |
dc.publisher | UFSM | |
dc.publisher | Graduate Program in Informatics | |
dc.rights | Open Access | |
dc.subject | Alert correlation | |
dc.subject | Intrusion detection | |
dc.subject | Internet Early Warning Systems | |
dc.subject | Situational awareness | |
dc.title | Alert correlation in an Internet Early Warning System | |
dc.type | Dissertation | |