CPL - Chalmers Publication Library

Decision Support for Intrusion Detection Data Collection

Ulf Larson (Department of Computer Science and Engineering, Computer Engineering (Chalmers)) ; Stefan Lindskog ; Dennis K. Nilsson (Department of Computer Science and Engineering, Computer Engineering (Chalmers)) ; Erland Jonsson (Department of Computer Science and Engineering, Computer Engineering (Chalmers))
Proceedings of the 13th Nordic Workshop on Secure IT-systems (NordSec 2008), October 9-10, 2008, Copenhagen, Denmark (2008)
[Conference paper, peer-reviewed]

Data collection is a critical but difficult activity for intrusion detection. The amount of resources that must be monitored and the rate at which events are generated make it impossible to use an exhaustive collection strategy. Furthermore, selection and configuration of data collection mechanisms is a tedious and elaborate task for both designers and operators. Therefore, we propose a decision support system (DSS) for selecting and configuring data collection mechanisms. We suggest a generic system model for selecting data collection mechanisms based on the amount of excess data produced. We also provide an implementation of the system. The DSS reduces the effort, time, and expertise required in the selection process, and allows both designers and operators to focus on intrusion detection rather than on selection and configuration of data collection mechanisms.

Keywords: intrusion detection, decision support, logging, adaptive security, data collection



This record was created 2009-01-16. Last modified 2009-01-16.
CPL Pubid: 88184

 

Departments (Chalmers)

Department of Computer Science and Engineering, Computer Engineering (Chalmers)

Subject areas

Computer Engineering

Related publications

This publication is part of:


On Adapting Data Collection to Intrusion Detection