WSEAS Transactions on Computers
Print ISSN: 1109-2750, E-ISSN: 2224-2880
Volume 14, 2015
IDEA: Classification of Security Events, their Participants and Detection Probes
Author:
Abstract: For the IDEA (Intrusion Detection Extensible Alert) format to be really usable for security event data exchange, taxonomies for description and classification have to be defined in addition to the container and formats. We thus distil a common classification by analysis and mutual mapping of a number of existing taxonomies (creating a translation between them along the way), and by identifying omissions, unsuitable semantics, and unusual or too specific cases, and adding information conveyed in various types of real-life security events, we also populate auxiliary dictionaries – a classification of sources and destinations of attacks and description tags of detection probes. An IDEA security event description may thus serve as a simple-to-create and easy-to-understand form onto which most of the existing automatically gained security information can be mapped.
Pages: 213-223
WSEAS Transactions on Computers, ISSN / E-ISSN: 1109-2750 / 2224-2880, Volume 14, 2015, Art. #22