"Anomaly Assessment of IDS Alerts"
Steven Templeton
Security Lab Seminar -- Dec. 4, 2002
Abstract: A key issue in working with "real world" intrusion detection
systems is managing the high volume of alerts these systems typically generate.
As a means to help prioritize and assess the significance of the alerts, we are
developing a semantic-based anomaly assessment system that provides both an anomaly
value and an English-language description of how the alerts are anomalous. The
product of this work is part of the Promia Inc. IASM (Intelligent Agent Security
Module) product. Promia is a growing security solutions and tools provider to
government and industry.