Data Reduction in Intrusion Alert Correlation
نویسندگان
چکیده
منابع مشابه
Data Reduction in Intrusion Alert Correlation
Network intrusion detection sensors are usually built around low level models of network traffic. This means that their output is of a similarly low level and as a consequence, is difficult to analyze. Intrusion alert correlation is the task of automating some of this analysis by grouping related alerts together. Attack graphs provide an intuitive model for such analys...
متن کاملTitle : Alert Correlation in Collaborative Intelligent Intrusion
As complete prevention of computer attacks is not possible, intrusion detection systems (IDSs) play a very important role in minimizing the damage caused by different computer attacks. There are two intrusion detection methods: namely misuseand anomaly-based. A collaborative intelligent intrusion detection system (CIIDS) is proposed to include both methods, since it is concluded from recent res...
متن کاملReal-Time Intrusion Detection Alert Correlation
Real-Time Intrusion Detection Alert Correlation
متن کاملAn Improved Framework for Intrusion Alert Correlation
Alert correlation analyzes the alerts from one or more collaborative Intrusion Detection Systems (IDSs) to produce a concise overview of security-related activity on the network. The process consists of multiple components, each responsible for a different aspect of the overall correlation goal. The sequence order of the correlation components affects the correlation process performance. The to...
متن کاملExtending Intrusion Detection with Alert Correlation and Intrusion Tolerance
Intrusion detection is an important security tool. It has the possibility to provide valuable information about the current status of security. However, as enterprises deploy multiple intrusion detection sensors at key points in their networks, the issue of correlating messages from these sensors becomes increasingly important. A correlation capability reduces alert volume, and potentially impr...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: SSRN Electronic Journal
سال: 2006
ISSN: 1556-5068
DOI: 10.2139/ssrn.2824155