White Paper: Alert Correlation: Review of the state of the art, November 28, 2003
Authors
Abstract
The purpose of this document is to offer a review of the state of the art in the emerging field of so-called "alert correlation". Although several recent publications present this domain as a new one, we show the close connections it has with another, well-established one, namely network management and its event correlation approaches. We try to highlight the core notions embedded in the term "correlation" by defining several building blocks used to design "correlation engines". We focus on the techniques used within the intrusion detection domain and present a survey not only of papers published in that field but also of currently available tools. We show the gap that exists, as of today, between the sophisticated techniques presented in research papers and the implementations that are actually available.
Similar sources
Alert correlation and prediction using data mining and HMM
Intrusion Detection Systems (IDSs) are security tools widely used in computer networks. While they are promising technologies, they have serious drawbacks: when deployed in large, high-traffic networks, IDSs generate high volumes of low-level alerts that are hardly manageable. Accordingly, a recent track of security research has emerged, focused on alert correlation, which ext...
Identification and Prioritization of the State-of-the-Art Technologies in the Management of Iranian Public Libraries
Purpose: State-of-the-art technology refers to the best and latest technological advancement possible at a particular time. Today, public libraries play a key role in the various cultural and social spheres of society. Although various technologies can help to fulfill the basic roles of public libraries correctly and completely, their application in the context of these libraries undoubtedly fa...
Real-Time intrusion detection alert correlation and attack scenario extraction based on the prerequisite consequence approach
Alert correlation systems attempt to discover the relations among alerts produced by one or more intrusion detection systems in order to determine the attack scenarios and their main motivations. In this paper, a new IDS alert correlation method is proposed that can be used to detect attack scenarios in real time. The proposed method is based on a causal approach, due to the strength of causal methods in ...
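The abstract above only names the prerequisite/consequence idea. As an added illustration, not the paper's own code and not its specific method, the block below shows the general form of that approach: each alert type carries a hypothetical set of prerequisite and consequence predicates, an alert is linked to an earlier alert whose consequence satisfies one of its prerequisites within a time window, and the resulting graph is split into scenarios. The knowledge base, alert types, and sample alerts are all constructed for this example.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Hypothetical knowledge base (constructed for this example): for each alert type,
# the predicates that must already hold ("pre") and the predicates the alert
# establishes ("post"). Argument names refer to fields of the Alert below.
KNOWLEDGE_BASE = {
    "ICMP_PING_SWEEP": {"pre": [], "post": ["ExistsHost(dst)"]},
    "PORT_SCAN": {"pre": ["ExistsHost(dst)"], "post": ["ExistsService(dst,port)"]},
    "EXPLOIT_ATTEMPT": {"pre": ["ExistsService(dst,port)"], "post": ["Compromised(dst)"]},
    "OUTBOUND_C2": {"pre": ["Compromised(src)"], "post": ["DataExfil(src)"]},
}


@dataclass
class Alert:
    id: int
    kind: str
    ts: float  # seconds; any monotonic clock works
    src: str
    dst: str
    port: Optional[int] = None


def instantiate(template: str, a: Alert) -> str:
    """Bind a predicate template to an alert: 'ExistsService(dst,port)' -> 'ExistsService(10.0.0.5,22)'."""
    name, args = template[:-1].split("(")
    values = [str(getattr(a, field)) for field in args.split(",")] if args else []
    return f"{name}({','.join(values)})"


def correlate(alerts: List[Alert], window: float = 3600) -> List[Tuple[int, int]]:
    """Return edges (earlier_id, later_id): the earlier alert's consequence satisfies
    a prerequisite of the later alert and the two fall within `window` seconds.
    Alerts of unknown type are left uncorrelated rather than guessed at."""
    facts: List[Tuple[str, int, float]] = []  # (ground predicate, alert id, timestamp)
    edges: List[Tuple[int, int]] = []
    for a in sorted(alerts, key=lambda x: x.ts):
        entry = KNOWLEDGE_BASE.get(a.kind)
        if entry is None:
            continue
        for pre in entry["pre"]:
            wanted = instantiate(pre, a)
            for fact, aid, ts in facts:
                if fact == wanted and 0 <= a.ts - ts <= window:
                    edges.append((aid, a.id))
        for post in entry["post"]:
            facts.append((instantiate(post, a), a.id, a.ts))
    return edges


def scenarios(alerts: List[Alert], window: float = 3600) -> List[Set[int]]:
    """Connected components of the correlation graph, each one a candidate attack scenario."""
    parent = {a.id: a.id for a in alerts}

    def find(x: int) -> int:
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for u, v in correlate(alerts, window):
        parent[find(u)] = find(v)
    groups = defaultdict(set)
    for a in alerts:
        groups[find(a.id)].add(a.id)
    return sorted(groups.values(), key=min)


# Constructed sample alerts: a four-step chain against 10.0.0.5, an unrelated scan of
# 10.0.0.9 with no satisfied prerequisite, and a late exploit outside the window.
SAMPLE_ALERTS = [
    Alert(1, "ICMP_PING_SWEEP", 0, "198.51.100.4", "10.0.0.5"),
    Alert(2, "PORT_SCAN", 100, "198.51.100.4", "10.0.0.5", 22),
    Alert(3, "EXPLOIT_ATTEMPT", 200, "198.51.100.4", "10.0.0.5", 22),
    Alert(4, "OUTBOUND_C2", 300, "10.0.0.5", "203.0.113.7"),
    Alert(5, "PORT_SCAN", 150, "198.51.100.4", "10.0.0.9", 80),
    Alert(6, "EXPLOIT_ATTEMPT", 99999, "198.51.100.4", "10.0.0.5", 22),
]

if __name__ == "__main__":
    print(correlate(SAMPLE_ALERTS))   # [(1, 2), (2, 3), (3, 4)]
    print(scenarios(SAMPLE_ALERTS))   # [{1, 2, 3, 4}, {5}, {6}]
```

The window check is what makes the method usable on a live stream: facts older than the window can be dropped, so memory stays bounded, at the cost of missing slow attacks that span longer than the window. The unmatched alerts 5 and 6 remain as singleton scenarios rather than being discarded, since an unsatisfied prerequisite may simply mean the sensor missed the earlier step.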
Diagnostic and Prognostic Value of Cardiac Biomarkers in Children with Kawasaki Disease: A State-of-the-Art Review
Kawasaki disease (KD) is characterized as the leading cause of acquired cardiac disease in children. Accurate and timely diagnosis of KD is of high importance for preventing its cardiac complications. However, diagnosis based merely on clinical findings has a number of challenges and limitations. Therefore, researchers are investigating to find more object...
Enzyme Immobilization: The State of Art in Biotechnology
The advantages of immobilized enzyme over its soluble counterpart arise from their improved stability and easy separation from the reaction media, leading to decrease in production cost. Immobilization methods range from adsorption onto matrices, entrapment, cross-linking and covalent bonding to prefabricated carriers or activated supports. Changes in kinetic properties of immobi...