Aggregation and Correlation of Intrusion-Detection Alerts
Authors
Abstract
This paper describes an aggregation and correlation algorithm used in the design and implementation of an intrusion-detection console built on top of the Tivoli Enterprise Console (TEC). The aggregation and correlation algorithm aims at acquiring intrusion-detection alerts and relating them together to expose a more condensed view of the security issues raised by intrusion-detection systems.
Similar resources
Real-Time intrusion detection alert correlation and attack scenario extraction based on the prerequisite consequence approach
Alert correlation systems attempt to discover the relations among alerts produced by one or more intrusion detection systems to determine the attack scenarios and their main motivations. In this paper a new IDS alert correlation method is proposed that can be used to detect attack scenarios in real-time. The proposed method is based on a causal approach due to the strength of causal methods in ...
Alert correlation and prediction using data mining and HMM
Intrusion Detection Systems (IDSs) are security tools widely used in computer networks. While they seem to be promising technologies, they pose some serious drawbacks: When utilized in large and high traffic networks, IDSs generate high volumes of low-level alerts which are hardly manageable. Accordingly, there emerged a recent track of security research, focused on alert correlation, which ext...
Modeling Intrusion Alerts using IDMEF Data Model
In response to proliferated attacks on enterprise systems today, practitioners employ multiple, diverse intrusion detection sensors to improve the detection rate and the coverage within the system for increased information assurance. An important problem in such environment is the management of alerts. One of the essential issues in alerts management is the standardization of the alerts format....
Detection of Intrusion using Alert Aggregation in DataStream Modelling with Constructive Basis
Alert aggregation is an important subtask of intrusion detection. The goal is to identify and to cluster different alerts—produced by low-level intrusion detection systems, firewalls, etc.—belonging to a specific attack instance which has been initiated by an attacker at a certain point in time. Thus, meta-alerts can be generated for the clusters that contain all the relevant information wherea...
A Genetic Algorithm Approach for Analyzing Network Intrusion Hyperalerts
A network intrusion hyperalert is an aggregation of related alerts. Several different intrusion alerts may be related to one attack. The reasoning power pertaining to alerts is increased if these related alerts can be integrated into one construct, the hyperalert. Having a history of alerts/attacks, we propose a genetic algorithm approach to determine “interesting” aggregation of such alerts an...
Publication date: 2001