Show simple item record

dc.contributor.author: Golling, Mario
dc.contributor.author: Koch, Robert
dc.contributor.author: Dreo Rodosek, Gabi
dc.contributor.editor: Müller, Paul
dc.contributor.editor: Neumair, Bernhard
dc.contributor.editor: Raiser, Helmut
dc.contributor.editor: Dreo Rodosek, Gabi
dc.date.accessioned: 2017-06-20T11:04:53Z
dc.date.available: 2017-06-20T11:04:53Z
dc.date.issued: 2017
dc.identifier.isbn: 978-3-88579-665-7
dc.identifier.issn: 1617-5468
dc.description.abstract: Especially in the area of Intrusion Detection, the concept as well as the understanding of the term "risk" is of fundamental importance. Generally, risk assessment represents an important means of evaluating certain situations, plans, events or systems in a systematic and comprehensive procedure. As in other areas, within the field of IT security, the systematic assessment process (risk analysis) also aims at recommending how to allocate available resources. Referring to this, both the categorization of traffic (whether traffic has to be classified as an attack or not - "benign vs. malicious") as well as a corresponding estimation of the expected damage (severity) are of central importance. Therefore, within this publication, the authors address the following questions in detail: (1) To what extent are the detection results of different IDSs comparable - with regard to the assessment of the risk / extent of damage - or are there strong deviations? (2) How do both vendor-dependent and vendor-independent alerts address the topic of risk assessment and enable the implementation of a comprehensive risk concept? To this end, at the heart of this paper, an overview as well as an evaluation of important representatives of open source IDSs is presented, focusing on methods for risk assessment resp. risk rating including cross-vendor risk rating and the Common Vulnerability Scoring System (CVSS). Furthermore, the paper also contains a brief demise of the most important representatives of commercial IDSs.
dc.language.iso: en
dc.publisher: Gesellschaft für Informatik e.V.
dc.relation.ispartof: 10. DFN-Forum Kommunikationstechnologien
dc.relation.ispartofseries: Lecture Notes in Informatics (LNI) - Proceedings, Volume P-271
dc.subject: Network Security
dc.subject: Intrusion Detection
dc.subject: Risk Rating
dc.subject: Risk Assessment
dc.subject: Risk Severity
dc.title: On the Perception of Risk Assessment in Intrusion Detection Systems
dc.type: Text/Conference Paper
dc.pubPlace: Bonn
mci.reference.pages: 21-30
mci.conference.sessiontitle: Sicherheit
mci.conference.location: Berlin
mci.conference.date: 30.-31. Mai 2017
