2007 Fiscal Year Final Research Report Summary
Reducing false negative/false positive of IDS/IPS based on formal definition of attacks
Project/Area Number | 17500032 |
Research Category | Grant-in-Aid for Scientific Research (C) |
Allocation Type | Single-year Grants |
Section | General |
Research Field | Computer system/Network |
Research Institution | Chiba University |
Principal Investigator | IMAIZUMI Takashi Chiba University, Institute of Media and Information Technology, Associate Professor (70242287) |
Project Period (FY) | 2005 – 2007 |
Keywords | Internet Security / Intrusion Detection / Prevention System |
Research Abstract |
It is important for Intrusion Detection/Prevention Systems to reduce false alerts. If the system raises alerts for ordinary activities, administrators must check whether actual intrusions exist. We found that differences in recognition between the producers and the users of an IDS cause these false alerts. We researched how to represent the threats that users consider should be reported. Users of the system regard an alert as a false alert when the detection result differs from the one they expected. They judge this according to their own vague senses. It is very difficult to express such a vague demand strictly using description languages similar to programming languages. We found that the technique of requirements analysis in software engineering is useful for expressing a vague demand. We define a notation for threats using the technique found in the software engineering area. Because we use postconditions to describe threats, we can't use this notation for IDS/IPS configurations. However, we can evaluate IDS systems by comparing ratios of false alerts.
|
Research Products
(2 results)