Ανάπτυξη συστήματος μετά επεξεργασίας συνεγερμών
Χαρούλης, Αναστάσιος Γ.
SubjectΑνάλυση και σχεδίαση συστημάτων ; Ηλεκτρονικοί υπολογιστές -- Δίκτυα -- Μέτρα ασφαλείας ; Προγραμματισμός ηλεκτρονικών υπολογιστών
Intrusion detection Systems (IDS) are commonly used in order to increase the level of security in a computer network. However successful these technologies may be, a common problem of almost all categories of IDSs is the huge number of alerts they produce and the high percentage of false ones. Generally IDSs produce too many alerts compared to the size of the system they protect; an IDS protecting an average-sized network produces thousands of alerts per day, which may require excessive effort from a single network administrator, in order to analyze and check them all. Besides, many of these alerts are usually false ones; they are alerts which have not been triggered by real intrusions, but can either be the outcome of normal system operations which trigger one of the IDS signatures, or the outcome of misconfigured IDS. This thesis attempts to develop suitable software whose objective is the treatment of alerts generated by an intrusion detection system so that the security analyst to have a more quality set of alerts available to elaborate.