Securing and defending computing networks has become a matter of growing importance attracting the attention of both practitioners and researchers. Among the suite of tools available to network managers to monitor and secure their networks are Intrusion Detection Systems (IDS); software and hardware systems designed and programmed to automate the process of monitoring networks and analyzing them for potential breaches. One of the challenges presented by IDSs is how do network managers prioritize and commit resources to investigate notification by an IDS of potential threats to the network. In this paper, we consider this problem and propose heuristic algorithms for how network managers can optimally allocate their limited resources for investigating IDS notifications.
Gupta, Jatinder N.D.; Kalaimannan, Ezhil; and Patnayakuni, Ravi, "IDS Alarms Investigation with Limited Resources" (2012). WISP 2012 Proceedings. 15.