摘要 |
According to one embodiment of the invention, a method for reducing the fals e alarm rate of network intrusion detection systems includes receiving an alar m indicating a network intrusion may have occurred, identifying characteristic s of the alarm, including at least an attack type and a target address, queryi ng a target host associated with the target address for an operating system fingerprint, receiving the operating system fingerprint that includes the operating system type from the target host, comparing the attack type to the operating system type, and indicating whether the target host is vulnerable to the attack based on the comparison.
|