Improving the Quality of Alerts with Correlation in Intrusion Detection

Cited by: 0
Authors
Salim, Lalla Fatima [1]
Mezrioui, Abdellatif [2]
Affiliations
[1] FSTM, Mohammadia, Morocco
[2] INPT, Rabat, Morocco
Source
INTERNATIONAL JOURNAL OF COMPUTER SCIENCE AND NETWORK SECURITY | 2007 / Vol. 7 / No. 12
Keywords
Intrusion alert; alerts correlation; attack scenarios; Network Security;
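DOI
Not available
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract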
With the growing deployment of networks and the Internet, the importance of network security has increased. Recently, however, systems that detect intrusions, which are important in security countermeasures, have been unable to provide proper analysis or an effective defense mechanism. Instead, they have overwhelmed human operators with a large volume of intrusion detection alerts. In this paper, we present an alert correlation technique based on causal relationships between alerts. The goal of the proposed technique is not only to group alerts together, but also to represent the correlated alerts in a way that they reflect the corresponding attack scenarios.
Pages: 210 / 215
Page count: 6
Related papers
50 in total
  • [21] A hybrid honeypot framework for improving intrusion detection systems in protecting organizational networks
    Artail, Hassan
    Safa, Haidar
    Sraj, Malek
    Kuwatly, Iyad
    Al-Masri, Zaid
    COMPUTERS & SECURITY, 2006, 25 (04) : 274 - 288
  • [22] Skyline computation for improving naïve Bayesian classifier in intrusion detection system
    Alem A.
    Dahmani Y.
    Mebarek B.
    Ingenierie des Systemes d'Information, 2019, 24 (05) : 513 - 518
  • [23] Linear Correlation-Based Feature Selection for Network Intrusion Detection Model
    Eid, Heba F.
    Hassanien, Aboul Ella
    Kim, Tai-hoon
    Banerjee, Soumya
    ADVANCES IN SECURITY OF INFORMATION AND COMMUNICATION NETWORKS, 2013, 381 : 240 - +
  • [24] Distributed exchange of alerts for the detection of coordinated attacks
    Garcia-Alfaro, J.
    Jaeger, M. A.
    Muehll, G.
    Barrera, I.
    Borrell, J.
    CNSR 2008: PROCEEDINGS OF THE 6TH ANNUAL COMMUNICATION NETWORKS AND SERVICES RESEARCH CONFERENCE, 2008, : 96 - +
  • [25] A Bayesian network-based approach for learning attack strategies from intrusion alerts
    Kavousi, Fatemeh
    Akbari, Behzad
    SECURITY AND COMMUNICATION NETWORKS, 2014, 7 (05) : 833 - 853
  • [26] Improving Intrusion Detection System Based on Snort Rules for Network Probe Attacks Detection with Association Rules Technique of Data Mining
    Khamphakdee, Nattawat
    Benjamas, Nunnapus
    Saiyod, Saiyan
    JOURNAL OF ICT RESEARCH AND APPLICATIONS, 2015, 8 (03) : 234 - 250
  • [27] Adaptive IDS Alerts Correlation according to the traffic type and the attacks properties
    Sourour, Meharouech
    Adel, Bouhoula
    Tarek, Abbes
    2009 IEEE INTERNATIONAL ADVANCE COMPUTING CONFERENCE, VOLS 1-3, 2009, : 1652 - 1657
  • [28] Novel method to calculate causal correlation belief values of network alerts
    School of Information Security Engineering, Shanghai Jiaotong University, Shanghai 200240, China
    Unknown
    Unknown
    Jiefangjun Ligong Daxue Xuebao, 2009, 3 (215-218):
  • [29] Man in the Middle Intrusion Detection
    Trabelsi, Zouheir
    Shuaib, Khaled
    GLOBECOM 2006 - 2006 IEEE GLOBAL TELECOMMUNICATIONS CONFERENCE, 2006,
  • [30] Intrusion Detection Using SVM
    Liu Wu
    Ren Ping
    Liu Ke
    Duan Hai-xin
    2011 7TH INTERNATIONAL CONFERENCE ON WIRELESS COMMUNICATIONS, NETWORKING AND MOBILE COMPUTING (WICOM), 2011,