Improving the Quality of Alerts with Correlation in Intrusion Detection

Cited by: 0
Authors
Salim, Lalla Fatima [1 ]
Mezrioui, Abdellatif [2 ]
Affiliations
[1] FSTM, Mohammadia, Morocco
[2] INPT, Rabat, Morocco
Source
INTERNATIONAL JOURNAL OF COMPUTER SCIENCE AND NETWORK SECURITY | 2007 / Vol. 7 / No. 12
Keywords
Intrusion alert; alerts correlation; attack scenarios; Network Security;
DOI
Not available
CLC classification
TP [Automation technology, computer technology];
Discipline code
0812;
Abstract
With the growing deployment of networks and the Internet, the importance of network security has increased. Intrusion detection systems, although an important security countermeasure, have so far been unable to provide proper analysis or an effective defense mechanism; instead, they overwhelm human operators with a large volume of intrusion detection alerts. In this paper, we present an alert correlation technique based on causal relationships between alerts. The goal of the proposed technique is not only to group alerts together, but also to represent the correlated alerts in a way that reflects the corresponding attack scenarios.
Pages: 210-215
Page count: 6
Related papers
50 in total
  • [1] Zhou, Jingmin; Heckman, Mark; Reynolds, Brennen; Carlson, Adam; Bishop, Matt. Modeling network intrusion detection alerts for correlation. ACM TRANSACTIONS ON INFORMATION AND SYSTEM SECURITY, 2007, 10 (01)
  • [2] Mallissery, Sanoop; Praveen, K.; Sathar, Shahana. Correlation of Alerts Using Prerequisites and Consequences for Intrusion Detection. COMPUTATIONAL INTELLIGENCE AND INFORMATION TECHNOLOGY, 2011, 250: 662-+
  • [3] Jose Abasolo, Maria; Sebastian Castaneda, Carlos. Improving Usability and Intrusion Detection Alerts in a Home Video Surveillance System. COMPUTER SCIENCE - CACIC 2020, 2021, 1409: 350-364
  • [4] Lee, Soojin; Chung, Byungchun; Kim, Heeyoul; Lee, Yunho; Park, Chanil; Yoon, Hyunsoo. Real-time analysis of intrusion detection alerts via correlation. COMPUTERS & SECURITY, 2006, 25 (03): 169-183
  • [5] Zhou, Lin; Wang, Chunping; Jiang, Feng. A Rough Set Based Alerts Aggregation and Correlation Model for Intrusion Detection. 2012 THIRD INTERNATIONAL CONFERENCE ON TELECOMMUNICATION AND INFORMATION (TEIN 2012), 2012: 27-33
  • [6] Yuan, Jingbo; Ding, Shunli. An Alerts Correlation Technology for Large-Scale Network Intrusion Detection. WEB INFORMATION SYSTEMS AND MINING, PT I, 2011, 6987: 352-+
  • [7] Husak, Martin; Kaspar, Jaroslav. AIDA Framework: Real-Time Correlation and Prediction of Intrusion Detection Alerts. 14TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY (ARES 2019), 2019
  • [8] Li, Wan; Tian, Shengfeng. Preprocessor of Intrusion Alerts Correlation Based on Ontology. 2009 WRI INTERNATIONAL CONFERENCE ON COMMUNICATIONS AND MOBILE COMPUTING: CMC 2009, VOL 3, 2009: 460-+
  • [9] Ning, P.; Cui, Y.; Reeves, D. S. Analyzing intensive intrusion alerts via correlation. RECENT ADVANCES IN INTRUSION DETECTION, PROCEEDINGS, 2002, 2516: 74-94
  • [10] Nguyen, Hai; Franke, Katrin; Petrovic, Slobodan. Improving Effectiveness of Intrusion Detection by Correlation Feature Selection. FIFTH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY, AND SECURITY: ARES 2010, PROCEEDINGS, 2010: 17-24