Improving intrusion detection intelligence by open data usage
2023
Paulins, Nauris
Cyberattacks have become a regular part of network activity. To mitigate the risks from possible threats, organisations have deployed firewalls and intrusion detection systems, which can help stop network attacks. The problem is that the accuracy of these systems is often not good enough. Another part of network security is security information and management platforms. These systems are more advanced versions of Threat Intelligence Platforms, because they make it possible to perform in-depth analyses of real-time events in a network. This paper proposes improving intrusion detection system functionality using Open-Source Intelligence. Anomaly-based intrusion detection systems often generate alerts, but these alerts require deeper analysis to understand whether an alert is a real attack or just a false alarm. By making Open-Source Intelligence requests and evaluating the extra information, it is possible to create more precise rules to stop attacks against the network infrastructure. Open-Source Intelligence requests are generated directly from the intrusion detection system or with Python scripts based on the organisation's infrastructure profile. The proposed architecture was experimentally tested by automating Open-Source Intelligence requests and intrusion detection rule generation with Python scripts.
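As an added example (not the paper's own code), the alert-to-rule flow the abstract describes: an anomaly-IDS alert is enriched from an OSINT reputation lookup (here a constructed offline table standing in for a real feed) and checked against the organisation's infrastructure profile, and a rule is generated only when both corroborate the alert. The Suricata-style rule syntax, the IP addresses and the `min_sources` threshold are assumptions.

```python
from typing import NamedTuple

class Alert(NamedTuple):
    src_ip: str
    dst_ip: str
    dst_port: int
    signature: str

# Constructed stand-in for an OSINT reputation feed; not a real data source.
OSINT_REPUTATION = {
    "203.0.113.7": {"listed": True, "sources": 3, "category": "scanner"},
    "198.51.100.20": {"listed": False, "sources": 0, "category": None},
}
# Constructed infrastructure profile: ports each monitored host really exposes.
INFRA_PROFILE = {"10.0.0.5": {22, 443}, "10.0.0.9": {443}}

def osint_lookup(ip, feed=OSINT_REPUTATION):
    """Reputation record for ip; unknown addresses are treated as unlisted."""
    return feed.get(ip, {"listed": False, "sources": 0, "category": None})

def triage(alert, feed=OSINT_REPUTATION, profile=INFRA_PROFILE, min_sources=2):
    """'block' needs the source listed by >= min_sources feeds AND a destination
    port the profiled host exposes; one of the two gives 'review'; neither is a likely false alarm."""
    rep = osint_lookup(alert.src_ip, feed)
    corroborated = rep["listed"] and rep["sources"] >= min_sources
    relevant = alert.dst_port in profile.get(alert.dst_ip, set())
    if corroborated and relevant:
        verdict = "block"
    elif corroborated or relevant:
        verdict = "review"
    else:
        verdict = "likely_false_alarm"
    return {"verdict": verdict, "category": rep["category"]}

def make_rule(alert, sid, category):
    """Suricata-style rule text (assumed format, not from the paper), scoped to one host pair."""
    return (f"drop tcp {alert.src_ip} any -> {alert.dst_ip} {alert.dst_port} "
            f'(msg:"OSINT-corroborated {category}: {alert.signature}"; sid:{sid}; rev:1;)')

def process(alerts, sid_base=9000000):
    """Return generated rules for every alert triaged as 'block'."""
    verdicts = [(a, triage(a)) for a in alerts]
    return [make_rule(a, sid_base + i, t["category"])
            for i, (a, t) in enumerate(verdicts) if t["verdict"] == "block"]

if __name__ == "__main__":
    alerts = [Alert("203.0.113.7", "10.0.0.5", 22, "anomalous SSH connection rate"),
              Alert("198.51.100.20", "10.0.0.9", 443, "unusual request size")]  # constructed
    print(*process(alerts), sep="\n")
```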
Bibliographic information
Publisher: Latvia University of Life Sciences and Technologies
This bibliographic record was provided by the Fundamental Library of Latvia University of Life Sciences and Technologies