Improving the Quality of Alerts with Correlation in Intrusion Detection

Cited by: 0
Authors
Salim, Lalla Fatima [1]
Mezrioui, Abdellatif [2]
Affiliations
[1] FSTM, Mohammadia, Morocco
[2] INPT, Rabat, Morocco
Source
INTERNATIONAL JOURNAL OF COMPUTER SCIENCE AND NETWORK SECURITY | 2007 / Vol. 7 / No. 12
Keywords
Intrusion alert; alerts correlation; attack scenarios; Network Security;
DOI
Not available
CLC classification
TP [Automation technology, computer technology];
Discipline code
0812;
Abstract
With the growing deployment of networks and the Internet, network security has become increasingly important. Recently, however, intrusion detection systems, which are an important security countermeasure, have been unable to provide proper analysis or an effective defense mechanism; instead, they overwhelm human operators with a large volume of intrusion detection alerts. In this paper, we present an alert correlation technique based on causal relationships between alerts. The goal of the proposed technique is not only to group alerts together, but also to represent the correlated alerts in a way that reflects the corresponding attack scenarios.
Pages: 210 / 215
Page count: 6