Intrusion Alert Correlation Technique Analysis for Heterogeneous Log
Authors
Abstract
Intrusion alert correlation is a multi-step process that receives alerts from heterogeneous log sources as input and produces a high-level description of the malicious activity on the network. The objective of this study is to analyse the current alert correlation techniques and identify the significant criteria in each technique that can address Intrusion Detection System (IDS) problems such as being prone to alert flooding, the contextual problem, false alerts and scalability. The existing alert correlation techniques were reviewed and analysed. From the analysis, six capability criteria have been identified to improve the current alert correlation techniques. They are the capability to perform alert reduction, to perform alert clustering, to identify multi-step attacks, to reduce false alerts, to detect known attacks and to detect unknown attacks.
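As an added illustration (not code from the paper) of two of the six criteria above, alert reduction and alert clustering, applied to heterogeneous log input: the Snort-style and iptables-style sample lines, the unified alert schema and the 5-minute reduction window are all assumptions made for this example.

```python
import re
from datetime import datetime, timedelta
# Constructed sample input (made-up values): Snort-style fast alerts and iptables-style syslog.
SNORT_LOG = """\
03/21-10:00:01.000000 [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] {TCP} 10.0.0.5:4444 -> 192.168.1.10:22
03/21-10:00:02.000000 [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] {TCP} 10.0.0.5:4445 -> 192.168.1.10:22
03/21-10:00:03.000000 [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] {TCP} 10.0.0.5:4446 -> 192.168.1.10:22
03/21-10:07:00.000000 [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] {TCP} 10.0.0.5:4447 -> 192.168.1.10:22
"""
FW_LOG = """\
Mar 21 10:00:40 fw01 kernel: DROP IN=eth0 SRC=10.0.0.5 DST=192.168.1.10 PROTO=TCP DPT=23
Mar 21 10:05:00 fw01 kernel: DROP IN=eth0 SRC=10.0.0.9 DST=192.168.1.20 PROTO=TCP DPT=445
"""
SNORT_RE = re.compile(r"^(\S+)\.\d+ \[\*\*\] \[[^\]]+\] (.+?) \[\*\*\] \{\w+\} ([\d.]+):\d+ -> ([\d.]+):\d+")
FW_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: (\w+) .*SRC=([\d.]+) DST=([\d.]+) .*DPT=(\d+)")

def normalize(snort_log, fw_log, year=2024):
    """Map both heterogeneous formats onto one schema: (time, sensor, signature, src, dst)."""
    alerts = []
    for line in snort_log.splitlines():
        m = SNORT_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%m/%d-%H:%M:%S").replace(year=year)
            alerts.append((ts, "snort", m.group(2), m.group(3), m.group(4)))
    for line in fw_log.splitlines():
        m = FW_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S").replace(year=year)
            alerts.append((ts, "firewall", f"{m.group(2)} dport {m.group(5)}", m.group(3), m.group(4)))
    return sorted(alerts)

def reduce_alerts(alerts, window=timedelta(minutes=5)):
    """Alert reduction: repeats of one (sensor, sig, src, dst) within `window` of the first
    occurrence collapse into a single meta-alert carrying a repeat count (fights alert flooding)."""
    reduced, open_idx = [], {}
    for ts, sensor, sig, src, dst in alerts:
        key = (sensor, sig, src, dst)
        i = open_idx.get(key)
        if i is not None and ts - reduced[i]["first"] <= window:
            reduced[i]["count"] += 1
        else:
            reduced.append({"first": ts, "sensor": sensor, "sig": sig, "src": src, "dst": dst, "count": 1})
            open_idx[key] = len(reduced) - 1
    return reduced

def cluster(reduced):
    """Alert clustering: group meta-alerts by (attacker, victim) pair so evidence from different sensors meets."""
    groups = {}
    for a in reduced:
        groups.setdefault((a["src"], a["dst"]), []).append(a)
    return groups
```

Here the three SSH-scan alerts collapse into one meta-alert, the scan at 10:07 falls outside the window and opens a new one, and the cluster for 10.0.0.5 -> 192.168.1.10 joins the IDS and firewall evidence about the same pair.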
Similar resources
Multi-paradigm frameworks for scalable intrusion detection
correlation between the clustered alerts' network activity profiles. Using this technique, alerts from multiple IDS, IPS and ADS sensors can be correlated without the need of normalization, the use of an alert ontology or expert rules. Additionally, our approach does not temporally constrain the correlation process, allowing for long-term trend analysis and knowledge discovery. Although our cur...
Full text
Real-Time intrusion detection alert correlation and attack scenario extraction based on the prerequisite consequence approach
Alert correlation systems attempt to discover the relations among alerts produced by one or more intrusion detection systems to determine the attack scenarios and their main motivations. In this paper a new IDS alert correlation method is proposed that can be used to detect attack scenarios in real-time. The proposed method is based on a causal approach due to the strength of causal methods in ...
Full text
Extending Intrusion Detection with Alert Correlation and Intrusion Tolerance
Intrusion detection is an important security tool. It has the possibility to provide valuable information about the current status of security. However, as enterprises deploy multiple intrusion detection sensors at key points in their networks, the issue of correlating messages from these sensors becomes increasingly important. A correlation capability reduces alert volume, and potentially impr...
Full text
An Alert Correlation Analysis Oriented Incremental Mining Algorithm of Closed Sequential Patterns with Gap Constraints
Large-scale network attacks will bring great damage to the network. Although the existing detection systems are able to detect a large number of known attacks, when facing large-scale network attacks, the log data generated by these systems usually increases rapidly, which forms a vast amount of alert information in a short period of time. This paper researches picking up alert information efficie...
Full text
Improving Efficiency of IDS using Alert Correlation
Intrusion Detection Systems are designed to monitor a network environment and generate alerts whenever abnormal activities are detected. However, the number of these alerts can be very large, making their evaluation a difficult task for a security analyst. Alert management techniques reduce alert volume significantly and potentially improve the detection performance of an Intrusion Detection System....
Full text