An Automatic Alert Unification Method for Heterogeneous Alert Signatures
Abstract
Monitoring systems are usually composed of heterogeneous sensors. Each sensor raises thousands of alerts that are stored and analyzed at a centralized station. Many of the alerts raised by different sensors describe the same event but arrive in different formats with different descriptions. The system administrator must identify such similar alerts by hand in order to reduce the number of alerts and improve data quality. This paper proposes an alert unification method that automatically builds meta-alerts from heterogeneous alert sets coming from different security monitoring sensors. Instead of handling several separate alert sets, the administrator works with a single set of meta-alerts.
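To make the unification step concrete, the following Python is an added illustration (it is not the paper's method and not code from the paper): it maps constructed alerts from two sensor formats, a Snort-style "fast" log line and a JSON record from a hypothetical host agent, onto one canonical schema and then merges alerts that share source, destination, port and protocol within a time window into a meta-alert that records every contributing sensor and signature and the highest severity seen. The sample lines, sensor names, local-rule signature IDs, grouping key, window size and severity mapping are all assumptions made for the example.

```python
"""Alert unification sketch: two heterogeneous sensor formats -> one set of
meta-alerts.  Added illustration, not the paper's method; all inputs are constructed."""
import json
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Set, Tuple

# Constructed sample input: Snort-style "fast" lines (local-rule SIDs) and
# JSON records from a hypothetical host agent that saw the same events.
SNORT_FAST_LINES = [
    "03/14-10:21:07.123456  [**] [1:1000001:2] LOCAL SCAN Nmap NSE user-agent [**] "
    "[Classification: Attempted Information Leak] [Priority: 1] {TCP} 10.0.0.5:51322 -> 192.168.1.10:80",
    "03/14-10:21:07.654321  [**] [1:1000001:2] LOCAL SCAN Nmap NSE user-agent [**] "
    "[Classification: Attempted Information Leak] [Priority: 1] {TCP} 10.0.0.5:51323 -> 192.168.1.10:80",
    "03/14-10:22:01.000000  [**] [1:1000002:1] LOCAL SCAN inbound MSSQL probe [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:51400 -> 192.168.1.20:1433",
]
HOST_AGENT_JSON = [
    '{"ts": "2024-03-14T10:21:07Z", "src": "10.0.0.5", "dst": "192.168.1.10", "dport": 80,'
    ' "proto": "tcp", "rule": "web-scanner-useragent", "msg": "Nmap NSE user agent seen", "sev": "high"}',
    '{"ts": "2024-03-14T10:22:01Z", "src": "10.0.0.5", "dst": "192.168.1.20", "dport": 1433,'
    ' "proto": "tcp", "rule": "mssql-inbound", "msg": "Inbound MSSQL connection attempt", "sev": "medium"}',
]
SNORT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:[^\]]*\])?\s+\[Priority:\s*(?P<prio>\d+)\]"
    r"\s+\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}

@dataclass(frozen=True)
class Alert:
    """Canonical alert: the schema every sensor format is mapped onto."""
    sensor: str
    signature: str   # sensor-specific rule identifier
    message: str
    severity: str    # normalized to low / medium / high
    ts: datetime
    src: str
    dst: str
    dport: int
    proto: str

@dataclass
class MetaAlert:
    """One meta-alert per (src, dst, dport, proto) tuple per time window."""
    src: str
    dst: str
    dport: int
    proto: str
    first_seen: datetime
    last_seen: datetime
    severity: str
    count: int = 0
    sensors: Set[str] = field(default_factory=set)
    signatures: Set[str] = field(default_factory=set)

def parse_snort_fast(line: str, year: int, sensor: str = "snort") -> Alert:
    """Map a Snort fast-format line onto the schema.  Fast logs omit the year,
    so the caller supplies it (an assumption of this example)."""
    m = SNORT_RE.match(line)
    if not m:
        raise ValueError(f"unrecognized Snort fast line: {line!r}")
    ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f").replace(tzinfo=timezone.utc)
    severity = {1: "high", 2: "medium"}.get(int(m["prio"]), "low")  # Snort: priority 1 is most severe
    return Alert(sensor, f"{m['gid']}:{m['sid']}:{m['rev']}", m["msg"], severity, ts,
                 m["src"], m["dst"], int(m["dport"]), m["proto"].lower())

def parse_agent_json(record: str, sensor: str = "host-agent") -> Alert:
    """Map a (hypothetical) host-agent JSON record onto the schema."""
    d = json.loads(record)
    ts = datetime.fromisoformat(d["ts"].replace("Z", "+00:00"))
    return Alert(sensor, d["rule"], d["msg"], d["sev"].lower(), ts,
                 d["src"], d["dst"], int(d["dport"]), d["proto"].lower())

def unify(alerts: List[Alert], window_seconds: int = 60) -> List[MetaAlert]:
    """Merge alerts sharing (src, dst, dport, proto) inside one fixed time bucket into a
    meta-alert keeping every sensor/signature and the highest severity.  Caveat: fixed
    buckets can split a burst that straddles a bucket boundary."""
    groups: Dict[Tuple[str, str, int, str, int], MetaAlert] = {}
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.src, a.dst, a.dport, a.proto, int(a.ts.timestamp()) // window_seconds)
        m = groups.get(key)
        if m is None:
            m = groups[key] = MetaAlert(a.src, a.dst, a.dport, a.proto, a.ts, a.ts, a.severity)
        m.count += 1
        m.last_seen = max(m.last_seen, a.ts)
        if SEVERITY_RANK[a.severity] > SEVERITY_RANK[m.severity]:
            m.severity = a.severity
        m.sensors.add(a.sensor)
        m.signatures.add(f"{a.sensor}:{a.signature}")
    return sorted(groups.values(), key=lambda x: x.first_seen)

def unify_samples() -> List[MetaAlert]:
    """Parse both constructed feeds and unify them into meta-alerts."""
    alerts = [parse_snort_fast(l, 2024) for l in SNORT_FAST_LINES]
    return unify(alerts + [parse_agent_json(r) for r in HOST_AGENT_JSON])
```

Calling `unify_samples()` collapses the five raw alerts into two meta-alerts, one for the web-scanner probe against 192.168.1.10:80 (three contributing alerts, both sensors, severity high) and one for the MSSQL probe against 192.168.1.20:1433 (two alerts, severity medium). The hand-written parsers are the part of this pipeline that the paper's method aims to replace with automatic unification; the grouping key is deliberately sensor-independent so that the same event reported in two formats lands in the same meta-alert.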
Similar resources
Real-Time intrusion detection alert correlation and attack scenario extraction based on the prerequisite consequence approach
Alert correlation systems attempt to discover the relations among alerts produced by one or more intrusion detection systems to determine the attack scenarios and their main motivations. In this paper a new IDS alert correlation method is proposed that can be used to detect attack scenarios in real-time. The proposed method is based on a causal approach due to the strength of causal methods in ...
Alert correlation and prediction using data mining and HMM
Intrusion Detection Systems (IDSs) are security tools widely used in computer networks. While they seem to be promising technologies, they pose some serious drawbacks: When utilized in large and high traffic networks, IDSs generate high volumes of low-level alerts which are hardly manageable. Accordingly, there emerged a recent track of security research, focused on alert correlation, which ext...
Intrusion Alert Correlation Technique Analysis for Heterogeneous Log
Intrusion alert correlation is a multi-step process that receives alerts from heterogeneous log sources as input and produces a high-level description of the malicious activity on the network. The objective of this study is to analyse current alert correlation techniques and identify the significant criteria in each technique that can improve the Intrusion Detection System (IDS) problem suc...
Early Detection of Dysentery Outbreaks by Cumulative Sum Method Based on National Surveillance System Data in 1393-1396
Background and Objectives: Correct and timely detection of the outbreaks of diseases with a short incubation period is of great importance in the health system. The aim of this study was to determine the detection of dysentery outbreaks using the cumulative sum method. Methods: This time series study was conducted using the data of the National Surveillance System between 2014 and 2017. The...
Automatic generation of novel intrusion signatures using one-class classifiers and inductive learning methods
In this paper, we propose an approach for automatic generation of novel intrusion signatures. This approach can be used in the signature-based Network Intrusion Detection Systems (NIDSs) and for the automation of the process of intrusion detection in these systems. In the proposed approach, first, by using several one-class classifiers, the profile of the normal network traffic is established. ...
Journal: I. J. Network Security
Volume 18
Published: 2016