Remote Security Management System
The basic idea of the Remote Security Management System was inspired by the similarity between computer network security and conventional physical security (alarm) systems. For physical premises it is common practice to forward the signals of the installed intrusion detection sensors to a dispatcher centre, where the alerts are handled centrally. In computing this model has not been realized so far, for several reasons: technical problems, incompatibilities between products, ambiguous alerts, false alarms and the lack of means for remote intervention. Solving the problems of remote computer security management would be an important research result, since the technology is more efficient and economical than local security management.

One of the greatest challenges of remote computer security management is that an intrusion is much harder to define than in a conventional alarm system. Security appliances generate alerts with differing severity levels and semantics, and many of these messages turn out to be false alarms. Selecting the messages that carry valuable information from the reports requires intelligent decisions, which an artificial intelligence module can support: the system learns situations that have already proven to be false alarms, so that later occurrences of the same situation are recognized and filtered out.

To realize this functionality we intend to use data mining methods, in which the algorithm searches for co-occurrences between alert messages and other environmental parameters. The discovered patterns will be analyzed by experts, who decide whether a rule can be used to avoid false alarms or whether it reveals a disguised exploit. By gathering the accepted rules into a central knowledge base, the system can transfer generally applicable rules between different installations while also learning the characteristics of each local system.
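The following is an added example, not code from the project described above, that illustrates the mining, expert review and knowledge base steps in one small Python program. It mines conjunctions of an alert signature with one or two environmental attributes that coincided with operator-confirmed false alarms (measured by support and confidence), lets an expert accept or reject the resulting candidate rules, stores accepted rules as either global or site-specific, and uses them to triage a fresh alert stream. All alert records, context attribute names (`scheduled_scan`, `backup_window`, ...) and site names are constructed for the illustration.

```python
"""Added example: mining alert/context co-occurrence rules to filter false
alarms, with an expert-review step and a central knowledge base.  All alert
records, context attributes and site names are constructed for illustration;
this is not code from the described system."""
from collections import Counter
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Alert:
    signature: str             # alert type emitted by the local sensor
    src_host: str
    context: frozenset         # environmental parameters observed at alert time
    false_alarm: bool = False  # operator verdict; meaningful for training data only


# Constructed training set: alerts already triaged by the local operator.
TRAINING = [
    Alert("PORTSCAN", "scanner01", frozenset({"scheduled_scan", "business_hours"}), True),
    Alert("PORTSCAN", "scanner01", frozenset({"scheduled_scan", "off_hours"}), True),
    Alert("PORTSCAN", "scanner01", frozenset({"scheduled_scan", "business_hours"}), True),
    Alert("PORTSCAN", "10.0.5.77", frozenset({"off_hours"}), False),
    Alert("PORTSCAN", "10.0.5.78", frozenset({"off_hours", "new_host"}), False),
    Alert("FAILED_LOGIN_BURST", "backup01", frozenset({"backup_window", "off_hours"}), True),
    Alert("FAILED_LOGIN_BURST", "backup01", frozenset({"backup_window", "off_hours"}), True),
    Alert("FAILED_LOGIN_BURST", "10.0.9.12", frozenset({"off_hours"}), False),
    Alert("FAILED_LOGIN_BURST", "10.0.9.13", frozenset({"business_hours"}), False),
]

# Constructed, not yet triaged alerts arriving at the dispatcher centre.
NEW_ALERTS = [
    Alert("PORTSCAN", "scanner01", frozenset({"scheduled_scan", "business_hours"})),
    Alert("PORTSCAN", "10.0.7.3", frozenset({"business_hours"})),
    Alert("FAILED_LOGIN_BURST", "backup01", frozenset({"backup_window", "off_hours"})),
]


def mine_candidate_rules(alerts, min_support=2, min_confidence=1.0):
    """Search for conjunctions (signature + one or two context attributes)
    that coincide with false alarms.  support = number of alerts matching the
    conjunction; confidence = fraction of those that were false alarms.
    Returns (signature, context_subset, support, confidence) tuples, most
    frequent first.  These are candidates for expert review, not yet rules."""
    matched, false_hits = Counter(), Counter()
    for a in alerts:
        for k in (1, 2):
            for subset in combinations(sorted(a.context), k):
                key = (a.signature, frozenset(subset))
                matched[key] += 1
                false_hits[key] += a.false_alarm
    rules = [(sig, ctx, n, false_hits[(sig, ctx)] / n)
             for (sig, ctx), n in matched.items()
             if n >= min_support and false_hits[(sig, ctx)] / n >= min_confidence]
    return sorted(rules, key=lambda r: (-r[2], r[0], sorted(r[1])))


class KnowledgeBase:
    """Expert-accepted rules.  'global' rules are transferred to every
    monitored site; site-scoped rules capture one installation's own quirks."""

    def __init__(self):
        self.rules = {"global": set()}

    def accept(self, signature, context, scope="global"):
        self.rules.setdefault(scope, set()).add((signature, frozenset(context)))

    def applicable(self, site):
        return self.rules["global"] | self.rules.get(site, set())

    def triage(self, alert, site):
        """Return the accepted rule that explains the alert as a false alarm,
        or None if the alert must be forwarded to the dispatcher."""
        for sig, ctx in sorted(self.applicable(site), key=lambda r: (r[0], sorted(r[1]))):
            if alert.signature == sig and ctx <= alert.context:
                return (sig, ctx)
        return None


def build_knowledge_base():
    """Expert review step (decisions hard-coded here for the example).
    The miner also surfaces PORTSCAN + business_hours, because every daytime
    scan in the sample came from the scheduled scanner.  That is a coincidence,
    not a cause, so it is rejected; only conjunctions whose context actually
    explains the alert are accepted."""
    kb = KnowledgeBase()
    kb.accept("PORTSCAN", {"scheduled_scan"}, scope="global")     # transferable
    kb.accept("FAILED_LOGIN_BURST", {"backup_window"}, scope="site-A")  # local quirk
    return kb


def triage_stream(kb, site, alerts=NEW_ALERTS):
    """Triage each alert for the given site; None means 'forward to dispatcher'."""
    return [kb.triage(a, site) for a in alerts]


if __name__ == "__main__":
    for rule in mine_candidate_rules(TRAINING):
        print("candidate:", rule)
    kb = build_knowledge_base()
    for site in ("site-A", "site-B"):
        print(site, triage_stream(kb, site))
```

Two points the run makes visible: the second new alert (a daytime port scan from an unknown host) is forwarded only because the expert rejected the spurious `business_hours` rule, and the backup-window rule suppresses the login burst at `site-A` but not at `site-B`, since it was stored as a local rule rather than a global one.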