Konferenzbeitrag
Towards adaptive event prioritization for network security - ideas and challenges
Lade...
Volltext URI
Dokumententyp
Text/Conference Paper
Dateien
Zusatzinformation
Datum
2016
Autor:innen
Zeitschriftentitel
ISSN der Zeitschrift
Bandtitel
Verlag
Gesellschaft für Informatik e.V.
Zusammenfassung
In the network security domain Intrusion detection systems (IDS) are known for their problems in creating huge amounts of data and especially false positives. Several approaches, originating in the machine learning domain, have been proposed for a better classification. However, threat prioritization has also shown, that a distinction in true and false positives is not always sufficient for a profound security analysis. We therefore propose an approach to combine several aspects from those two areas. On the one hand, threat and event prioritization approaches are rather static with fixed calculation rules, whereas rule learning in alert verification focuses mostly on a binary