Improving the Quality of Alerts with Correlation in Intrusion Detection

Cited by: 0
Authors
Salim, Lalla Fatima [1 ]
Mezrioui, Abdellatif [2 ]
Affiliations
[1] FSTM, Mohammadia, Morocco
[2] INPT, Rabat, Morocco
Keywords
Intrusion alert; alerts correlation; attack scenarios; Network Security;
DOI
Not available
CLC number
TP [Automation technology, computer technology];
Subject classification code
0812;
Abstract
With the growing deployment of networks and the Internet, the importance of network security has increased. However, intrusion detection systems, which are an important security countermeasure, have been unable to provide proper analysis or an effective defense mechanism. Instead, they overwhelm human operators with a large volume of intrusion detection alerts. In this paper, we present an alert correlation technique based on causal relationships between alerts. The goal of the proposed technique is not only to group alerts together, but also to represent the correlated alerts in a way that reflects the corresponding attack scenarios.
Pages: 210 / 215
Page count: 6
Related papers
50 in total
  • [1] Modeling network intrusion detection alerts for correlation
    Zhou, Jingmin
    Heckman, Mark
    Reynolds, Brennen
    Carlson, Adam
    Bishop, Matt
    [J]. ACM TRANSACTIONS ON INFORMATION AND SYSTEM SECURITY, 2007, 10 (01)
  • [2] Correlation of Alerts Using Prerequisites and Consequences for Intrusion Detection
    Mallissery, Sanoop
    Praveen, K.
    Sathar, Shahana
    [J]. COMPUTATIONAL INTELLIGENCE AND INFORMATION TECHNOLOGY, 2011, 250 : 662 - +
  • [3] Improving Usability and Intrusion Detection Alerts in a Home Video Surveillance System
    Jose Abasolo, Maria
    Sebastian Castaneda, Carlos
    [J]. COMPUTER SCIENCE - CACIC 2020, 2021, 1409 : 350 - 364
  • [4] A Rough Set Based Alerts Aggregation and Correlation Model for Intrusion Detection
    Zhou, Lin
    Wang, Chunping
    Jiang, Feng
    [J]. 2012 THIRD INTERNATIONAL CONFERENCE ON TELECOMMUNICATION AND INFORMATION (TEIN 2012), 2012, : 27 - 33
  • [5] Real-time analysis of intrusion detection alerts via correlation
    Lee, Soojin
    Chung, Byungchun
    Kim, Heeyoul
    Lee, Yunho
    Park, Chanil
    Yoon, Hyunsoo
    [J]. COMPUTERS & SECURITY, 2006, 25 (03) : 169 - 183
  • [6] An Alerts Correlation Technology for Large-Scale Network Intrusion Detection
    Yuan, Jingbo
    Ding, Shunli
    [J]. WEB INFORMATION SYSTEMS AND MINING, PT I, 2011, 6987 : 352 - +
  • [7] AIDA Framework: Real-Time Correlation and Prediction of Intrusion Detection Alerts
    Husak, Martin
    Kaspar, Jaroslav
    [J]. 14TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY (ARES 2019), 2019,
  • [8] Preprocessor of Intrusion Alerts Correlation Based on Ontology
    Li, Wan
    Tian, Shengfeng
    [J]. 2009 WRI INTERNATIONAL CONFERENCE ON COMMUNICATIONS AND MOBILE COMPUTING: CMC 2009, VOL 3, 2009, : 460 - +
  • [9] Analyzing intensive intrusion alerts via correlation
    Ning, P
    Cui, Y
    Reeves, DS
    [J]. RECENT ADVANCES IN INTRUSION DETECTION, PROCEEDINGS, 2002, 2516 : 74 - 94
  • [10] Improving Effectiveness of Intrusion Detection by Correlation Feature Selection
    Nguyen, Hai
    Franke, Katrin
    Petrovic, Slobodan
    [J]. FIFTH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY, AND SECURITY: ARES 2010, PROCEEDINGS, 2010, : 17 - 24