Computer Applications (计算机应用), 2007
IDS alert verification based on multi-source security information
Abstract:
Because of design flaws and a lack of knowledge about the target system, current intrusion detection systems suffer from several shortcomings, such as alert overload and a high false alarm rate. To address these problems, this paper analyses existing alert verification algorithms and presents a new one. By drawing on multi-source security information, namely vulnerability information, the system security log and system state inspection data, the raw alerts generated by the intrusion detection system are verified and filtered according to the proposed algorithm. Experimental results demonstrate the effectiveness of the verification algorithm.
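As an added illustration of the verification idea described above (this is not the paper's algorithm, which the abstract does not specify), the following Python sketch checks each raw IDS alert against constructed samples of the three information sources named in the abstract and filters out alerts whose target could not have been affected. Host addresses, vulnerability identifiers and log lines are placeholders.

```python
from dataclasses import dataclass

@dataclass
class Alert:
    """Raw IDS alert; only the fields the verifier needs."""
    alert_id: str
    dst_host: str
    service: str   # service named by the signature, e.g. "httpd"
    dst_port: int
    vuln_id: str   # vulnerability the signature claims to exploit (placeholder ids below)

# Constructed sample data standing in for the three information sources.
VULN_INVENTORY = {"10.0.0.5": {"VULN-PLACEHOLDER-1"}, "10.0.0.7": set()}  # vulnerability scan
STATE_INSPECTION = {"10.0.0.5": {80, 22}, "10.0.0.7": {22}}               # listening ports
SECURITY_LOGS = {                                                         # host security logs
    "10.0.0.5": ["sshd: accepted publickey for ops", "httpd: child process exited on signal 11"],
    "10.0.0.7": ["sshd: accepted publickey for ops"],
}
ANOMALY_MARKERS = ("exited on signal", "segfault", "error")  # constructed log markers

def verify(alert, vulns=VULN_INVENTORY, state=STATE_INSPECTION, logs=SECURITY_LOGS):
    """Check one alert against the three sources; return (verdict, evidence)."""
    evidence = {
        # Source 1: is the target actually affected by the vulnerability the signature fires on?
        "vulnerable": alert.vuln_id in vulns.get(alert.dst_host, set()),
        # Source 2: is the attacked service reachable on the target at all?
        "service_up": alert.dst_port in state.get(alert.dst_host, set()),
        # Source 3: does the host's own security log show that service misbehaving?
        "log_corroborated": any(
            line.startswith(alert.service + ":") and any(m in line for m in ANOMALY_MARKERS)
            for line in logs.get(alert.dst_host, [])
        ),
    }
    if not evidence["vulnerable"] and not evidence["service_up"]:
        verdict = "false_alarm"   # attack cannot have succeeded; filter the alert out
    elif evidence["vulnerable"] and evidence["service_up"] and evidence["log_corroborated"]:
        verdict = "confirmed"     # all three sources agree
    elif evidence["vulnerable"] and evidence["service_up"]:
        verdict = "likely"        # exploitable target, no host-side corroboration yet
    else:
        verdict = "unverified"    # partial evidence; keep for analyst review
    return verdict, evidence

def filter_alerts(alerts):
    """Drop the alerts that verification classifies as false alarms."""
    return [a for a in alerts if verify(a)[0] != "false_alarm"]
```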