Reducing false negative/false positive of IDS/IPS based on formal definition of attacks
| Field | Value |
|---|---|
| Project/Area Number | 17500032 |
| Research Category | Grant-in-Aid for Scientific Research (C) |
| Allocation Type | Single-year Grants |
| Section | General |
| Research Field | Computer system/Network |
| Research Institution | Chiba University |
| Principal Investigator | IMAIZUMI Takashi, Chiba University, Institute of Media and Information Technology, Associate Professor (70242287) |
| Project Period (FY) | 2005 – 2007 |
| Project Status | Completed (Fiscal Year 2007) |
| Budget Amount | ¥3,700,000 (Direct Cost: ¥3,400,000, Indirect Cost: ¥300,000) |
| Fiscal Year 2007 | ¥1,300,000 (Direct Cost: ¥1,000,000, Indirect Cost: ¥300,000) |
| Fiscal Year 2006 | ¥1,100,000 (Direct Cost: ¥1,100,000) |
| Fiscal Year 2005 | ¥1,300,000 (Direct Cost: ¥1,300,000) |
| Keywords | Internet Security / Intrusion Detection / Prevention System / IDS / IPS / False detection (誤検知) / False Positive / Intrusion detection system (侵入検知システム) / Intrusion prevention system (侵入遮断システム) |
Research Abstract

It is important for Intrusion Detection/Prevention Systems to reduce false alerts. If the system raises alerts for ordinary activities, administrators must check whether an actual intrusion exists. We found that differences in understanding between the producer of an IDS and its user cause these false alerts. We researched how to represent the threats that users expect to be reported. Users of the system consider an alert a false alert when the detection result differs from the one they expected; they judge this according to their own vague sense of what counts as a threat. It is very difficult to express such a vague demand strictly using description languages similar to programming languages. We found that requirements-analysis techniques from software engineering are useful for expressing such a vague demand, and we define a notation for threats using a technique from that area. Because we use post-conditions to describe threats, this notation cannot be used directly for IDS/IPS configuration. However, it allows IDS systems to be evaluated by comparing their ratios of false alerts.
Report (4 results)
Research Products (2 results)