| Popis: |
Intrusion Detection Systems (IDS) are one of the powerful systems used to secure the computer environments. These systems trigger thousands of alerts per day and become a headache issue to the analyst, because they need to analyze the severity of the alerts and other fields, such as the IP addresses. This paper Investigates the most popular aggregation methods, which deals with IDS alerts. In addition, we propose Threshold Aggregation Framework (TAF) to handle IDS alerts. TAF is based on time as a main component to aggregate the alerts while TAF support aggregating alerts without threshold by setting the threshold value to 0. |
