ALERT Generation Intrusion Detection System on Heterogeneous System

2018 
Security is one of the most fundamental concerns in today's enterprise network. An enterprise is composed of heterogeneous entities having varying asset values and attack vulnerabilities. To protect the information resources in an enterprise, packet-filtering-based firewall rules are deployed, and at the same time, to detect potential threats in the systems and network, intrusion detection systems are also deployed. In a general enterprise setup, these two activities are performed independently. But it was shown in the literature that the dynamic configuration of firewall rules can be achieved through utilization of the alerts generated by the IDS tools. However, IDS systems normally generate a large number of alerts, which results in the blocking of a large number of sites by the firewalls. In this work we propose a mechanism by which firewall rules are updated by capturing the alerts generated by the IDS, but the sites are not blocked for all the information resources. Whether a site will be blocked for an information resource depends on the Risk Rate of the resource. If the Risk Rate for an information resource exceeds a predefined threshold value, then the site will be blocked for that particular resource. However, the site will remain available to all other resources having a Risk Rate less than the threshold value. This includes the user experience of the network without using the attack vulnerabilities.
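The per-resource blocking decision described in the abstract, as an added example that is not code from the paper: it reads IDS alerts and emits firewall rules scoped to individual resources instead of one global block. The alert lines, resource addresses, Risk Rate values and threshold are constructed, and the Risk Rate is taken as a given input because the abstract does not state how it is computed.

```python
import ipaddress
import re

# Constructed alerts in Snort "fast" alert layout (sample data, not from the paper).
ALERTS = """\
01/15-10:22:31.123456  [**] [1:1000001:1] Constructed test alert A [**] [Priority: 2] {TCP} 203.0.113.7:44321 -> 10.0.0.10:80
01/15-10:22:35.000001  [**] [1:1000002:1] Constructed test alert B [**] [Priority: 1] {TCP} 198.51.100.9:51000 -> 10.0.0.30:22
01/15-10:23:02.500000  [**] [1:1000001:1] Constructed test alert A [**] [Priority: 2] {TCP} 203.0.113.7:44390 -> 10.0.0.20:80
"""

# Assumed inputs: one Risk Rate per information resource and a predefined threshold.
RISK_RATE = {"10.0.0.10": 0.82, "10.0.0.20": 0.35, "10.0.0.30": 0.67}
THRESHOLD = 0.6

# Source address of an alert: the IPv4 address that follows the {PROTO} tag.
SRC_RE = re.compile(r"\{\w+\}\s+(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->")


def alerted_sites(text):
    """Return the distinct, validated source addresses seen in the alerts."""
    sites = []
    for line in text.splitlines():
        match = SRC_RE.search(line)
        if not match:
            continue
        try:
            # Validate before the value is ever placed into a rule string.
            site = str(ipaddress.ip_address(match.group(1)))
        except ValueError:
            continue
        if site not in sites:
            sites.append(site)
    return sites


def block_rules(sites, risk_rate, threshold):
    """Block each alerted site only for resources whose Risk Rate exceeds the threshold."""
    rules = []
    for site in sites:
        for resource in sorted(risk_rate):
            if risk_rate[resource] > threshold:
                rules.append(f"iptables -A FORWARD -s {site} -d {resource} -j DROP")
    return rules


if __name__ == "__main__":
    for rule in block_rules(alerted_sites(ALERTS), RISK_RATE, THRESHOLD):
        print(rule)
```

With these inputs, the resource at 10.0.0.20 stays reachable from both alerted sites because its Risk Rate is below the threshold, while a global block would have produced two source-only rules covering every resource.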