Alert Correlation Analysis based on Clustering Technique for IDS
نویسندگان
چکیده
منابع مشابه
Improving Efficiency of IDS using alert Correlation
Intrusion Detection Systems are designed to monitor a network environment and generate alerts whenever abnormal activities are detected. However, the number of these alerts can be very large making their evaluation a difficult task for a security analyst. Alert management techniques reduce alert volume significantly and potentially improve detection performance of an Intrusion Detection System....
متن کاملM2D2: A Formal Data Model for IDS Alert Correlation
At present, alert correlation techniques do not make full use of the information that is available. We propose a data model for IDS alert correlation called M2D2. It supplies four information types: information related to the characteristics of the monitored information system, information about the vulnerabilities, information about the security tools used for the monitoring, and information a...
متن کاملChoosing the Best Hierarchical Clustering Technique Based on Principal Components Analysis for Suspended Sediment Load Estimation
1- INTRODUCTION The assessment of watershed sediment load is necessary for controling soil erosion and reducing the potential of sediment production. Different estimates of sediment amounts along with the lack of long-term measurements limits the accessibility to reliable data series of erosion rate and sediment yield. Therefore, the observed data of suspended sediment load could be used to ...
متن کاملIntrusion Alert Correlation Technique Analysis for Heterogeneous Log
Intrusion alert correlation is multi-step processes that receives alerts from heterogeneous log resources as input and produce a high-level description of the malicious activity on the network. The objective of this study is to analyse the current alert correlation technique and identify the significant criteria in each technique that can improve the Intrusion Detection System (IDS) problem suc...
متن کاملPractical IDS alert correlation in the face of dynamic threats
A significant challenge in applying IDS alert correlation in today’s dynamic threat environment is the labor and expertise needed in constructing the correlation model, or the knowledge base, for the correlation process. New IDS signatures capturing emerging threats are generated on a daily basis, and the attack scenarios each captured activity may be involved in are also multitude. Thus it bec...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: The KIPS Transactions:PartC
سال: 2003
ISSN: 1598-2858
DOI: 10.3745/kipstc.2003.10c.6.665