Survey of Event Correlation Techniques for Attack Detection in Early Warning Systems
Authors
Abstract
In the context of early warning systems for detecting Internet worms and other attacks, event correlation techniques are needed for two reasons. First, network attack detection is usually based on distributed sensors, e.g. intrusion detection systems. During attacks, but even in normal operation, the volume of generated events is too large to handle when evaluating the current attack situation for a larger network. Thus, the concept of event or alert correlation has been introduced. This survey was motivated by recent work on early warning systems. We summarize and clarify the typical terminology used in this context and present a requirement analysis from an early warning system's point of view. In the main part of this survey, we summarize and classify event correlation techniques as described in the literature.
Similar resources
Components for Cooperative Intrusion Detection in Dynamic Coalition Environments
We present a prototype of an Intrusion Warning System for combining event message flows of multiple domain-specific security tools in order to determine anomalies for early warning and response. Unlike other approaches for cooperating Intrusion Detection Systems (IDS), we suggest a modified star-shape architecture for distributing attack information and feeding back warning messages. We assume tha...
Real-Time intrusion detection alert correlation and attack scenario extraction based on the prerequisite consequence approach
Alert correlation systems attempt to discover the relations among alerts produced by one or more intrusion detection systems to determine the attack scenarios and their main motivations. In this paper a new IDS alert correlation method is proposed that can be used to detect attack scenarios in real-time. The proposed method is based on a causal approach due to the strength of causal methods in ...
Tsunami warning system using of IoT
Today, the world has reached a new state with advances in science. The Internet of Things is a technology that can connect all objects in different fields through the Internet. Any unforeseen event that destroys economic, social and physical capabilities and inflicts human and financial losses is known as a natural disaster, such as a tsunami. IoT-based tsunami forecasting system ...
Alert correlation and prediction using data mining and HMM
Intrusion Detection Systems (IDSs) are security tools widely used in computer networks. While they seem to be promising technologies, they pose some serious drawbacks: When utilized in large and high traffic networks, IDSs generate high volumes of low-level alerts which are hardly manageable. Accordingly, there emerged a recent track of security research, focused on alert correlation, which ext...
Design and Development of Early Warning System for Desertification and Land Degradation
Early warning systems are key components of strategies to reduce risk. This research, by adopting a systematic approach in the management of the risk of desertification and by including previously developed models and systems, offers an integrated efficient structure in terms of early warning for the risk of desertification as a pilot system for semi-arid areas of west Golestan Province in IRAN...