Intrusion Detection Alarm Correlation: a Survey
Authors
Abstract
It is 17 years since Dorothy Denning proposed the first intrusion detection model. These systems have evolved rapidly from that model to present alarm correlation methods. Up to the moment, researchers have developed Intrusion Detection Systems (IDS) capable of detecting attacks in several environments. A boundlessness of methods for misuse detection as well as anomaly detection has been applied. Many of the technologies proposed are complementary to each other, since for different kinds of environments some approaches perform better than others. Alert correlation methods try to cover the problem of the huge amount of both positive alarms as well as false alarms they report. The techniques used in this area aim to help the detectors discern between alarms generated by real attacks and legitimate traffic. Consequently, the amount of false alarms can be reduced, easing the work of system administrators in relation to IDSs. Proper alert correlation methods also provide a higher confidence for incorporating these systems into organisations.
Similar resources
Intrusion Detection Technique based on Dendritic Cell Algorithm and Dempster Belief Theory
Today traditional intrusion detection systems are unable to detect intrusion attacks. The huge number of false alarms generated by the system results in financial loss for an organization. The unique features of artificial immune systems encourage and motivate researchers to employ this technique in a variety of applications, especially in intrusion detection systems. Recently Artificial immune s...
A Literature Survey and Comprehensive Study of Intrusion Detection
With the rapid expansion of computer usage and computer networks, the security of the computer system has become very important. Every day new kinds of attacks are being faced by industries. As the threat becomes a serious matter year by year, intrusion detection technologies are indispensable for network and computer security. A variety of intrusion detection approaches are present to resolve this...
Alarm Reduction and Correlation in Intrusion Detection Systems
Large Critical Complex Infrastructures are increasingly dependent on IP networks. Reliability by redundancy and tolerance are an imperative for such dependable networks. In order to achieve the desired reliability, the detection of faults, misuse, and attacks is essential. This can be achieved by applying methods of intrusion detection. However, in large systems, these methods produce an uncont...
Intrusion Detection based on a Novel Hybrid Learning Approach
Information security and Intrusion Detection Systems (IDS) play a critical role in the Internet. IDS is an essential tool for detecting different kinds of attacks in a network and maintaining data integrity, confidentiality and system availability against possible threats. In this paper, a hybrid approach towards achieving high performance is proposed. In fact, the important goal of this paper ...
Shallow and Deep Networks Intrusion Detection System: A Taxonomy and Survey
Intrusion detection has attracted a considerable interest from researchers and industries. The community, after many years of research, still faces the problem of building reliable and efficient IDS that are capable of handling large quantities of data, with changing patterns in real time situations. The work presented in this manuscript classifies intrusion detection systems (IDS). Moreover, a...