
Using Alert Verification to Identify Successful Intrusion Attempts

  • C. Kruegel, W. Robertson and G. Vigna
Published/Copyright: December 14, 2007
Journal: PIK - Praxis der Informationsverarbeitung und Kommunikation, Volume 27, Issue 4

ABSTRACT

Intrusion detection systems monitor protected networks and attempt to identify evidence of malicious activity. When an attack is detected, an alert is produced and, possibly, a countermeasure is executed. A perfect intrusion detection system would identify all attacks without raising any false alarms, and a countermeasure would be executed only when an attack is actually successful. Unfortunately, false alarms are commonplace in intrusion detection systems: perfectly benign events are interpreted as malicious. In addition, non-relevant alerts are also common. These are alerts associated with attacks that were not successful. Such alerts should be tagged appropriately so that their priority can be lowered.

The process of identifying alerts associated with successful attacks is called alert verification. This paper describes the different issues involved in alert verification and presents a tool that performs real-time verification of attacks detected by an intrusion detection system. The experimental evaluation of the tool shows that verification can dramatically reduce both false and non-relevant alerts.
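The abstract describes alert verification as tagging alerts whose attack could not have succeeded so that their priority can be lowered. The following is an added example of one way to perform such a verification pass; it is constructed for illustration and is not the paper's tool. It assumes an asset inventory (host, port, product, version) maintained by the defender, a constructed key=value alert line format carrying the software and versions the detected attack applies to, and a simple rule: an alert is verified when the targeted service runs an affected version, non-relevant when the target runs something else or nothing at all on that port, and left unverified when the inventory has no knowledge of the target host. Because a stale inventory would cause real attacks to be down-prioritised, unknown hosts are deliberately left at their original priority rather than demoted.

```python
import re
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    VERIFIED = "verified"            # target runs affected software: analyst attention
    NON_RELEVANT = "non-relevant"    # target cannot be affected: priority lowered
    UNVERIFIED = "unverified"        # inventory knows nothing about the target: unchanged


@dataclass(frozen=True)
class Service:
    product: str
    version: str


# Constructed asset inventory (hypothetical hosts): host -> {port: Service}.
# In practice this is fed by a scanner or CMDB; its accuracy bounds the verdicts.
INVENTORY = {
    "10.0.0.5": {80: Service("webserver-a", "1.3.29"), 22: Service("sshd-b", "3.9")},
    "10.0.0.7": {80: Service("webserver-c", "0.5.0"), 443: Service("webserver-c", "0.5.0")},
}


@dataclass
class Alert:
    sig: str
    dst: str
    dport: int
    product: str
    versions: frozenset
    priority: int = 3                 # 1 = most urgent, 5 = least urgent
    verdict: Verdict = Verdict.UNVERIFIED


# Constructed alert line format (assumption, not any real IDS output format).
ALERT_RE = re.compile(
    r'sig="(?P<sig>[^"]+)" dst=(?P<dst>\S+) dport=(?P<dport>\d+) '
    r'product=(?P<product>\S+) versions=(?P<versions>\S+)'
)


def parse_alert(line: str) -> Alert:
    """Parse one constructed alert line into an Alert; reject malformed lines."""
    m = ALERT_RE.search(line)
    if m is None:
        raise ValueError(f"unparseable alert line: {line!r}")
    return Alert(sig=m["sig"], dst=m["dst"], dport=int(m["dport"]),
                 product=m["product"], versions=frozenset(m["versions"].split(",")))


def verify(alert: Alert, inventory=INVENTORY) -> Verdict:
    """Passive verification: compare the alert's affected software with the target."""
    host = inventory.get(alert.dst)
    if host is None:
        return Verdict.UNVERIFIED     # no knowledge: never demote on ignorance
    svc = host.get(alert.dport)
    if svc is None:
        return Verdict.NON_RELEVANT   # nothing listens on that port per inventory
    if svc.product == alert.product and svc.version in alert.versions:
        return Verdict.VERIFIED
    return Verdict.NON_RELEVANT       # different product or unaffected version


def triage(lines, inventory=INVENTORY):
    """Parse, verify and re-prioritise alerts; most urgent first."""
    alerts = []
    for line in lines:
        a = parse_alert(line)
        a.verdict = verify(a, inventory)
        if a.verdict is Verdict.VERIFIED:
            a.priority = 1
        elif a.verdict is Verdict.NON_RELEVANT:
            a.priority = 5
        alerts.append(a)
    return sorted(alerts, key=lambda a: a.priority)   # stable: input order kept within a level


# Constructed sample alerts (signature names are placeholders, not real rules).
SAMPLE_ALERTS = [
    'sig="placeholder-overflow-1" dst=10.0.0.5 dport=80 product=webserver-a versions=1.3.29,1.3.31',
    'sig="placeholder-overflow-1" dst=10.0.0.7 dport=80 product=webserver-a versions=1.3.29,1.3.31',
    'sig="placeholder-db-probe" dst=10.0.0.5 dport=3306 product=dbserver-d versions=4.0',
    'sig="placeholder-overflow-1" dst=10.0.0.9 dport=80 product=webserver-a versions=1.3.29,1.3.31',
]

if __name__ == "__main__":
    for a in triage(SAMPLE_ALERTS):
        print(f"p{a.priority} {a.verdict.value:13} {a.dst}:{a.dport} {a.sig}")
```

Running the block prints the verified alert against 10.0.0.5:80 first, the unverified alert against the unknown host 10.0.0.9 next at its original priority, and the two non-relevant alerts last. Active verification (probing the target after the alert) would sharpen the unverified cases, at the cost of generating traffic on the monitored network and depending on the probe itself being reliable.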

Published Online: 2007-12-14
Published in Print: 2004-December

© Copyright by K.G. Saur Verlag 2004

Source: https://www.degruyterbrill.com/document/doi/10.1515/PIKO.2004.219/html