A Survey of Intrusion Alert Correlation and Its Design Considerations
Authors: Leau Yu Beng, Sureswaran Ramadass, Selvakumar Manickam, Tan Soo Fun
Affiliations: 1 National Advanced IPv6 Center, Universiti Sains Malaysia (USM), 11800 Penang, Malaysia
2 School of Engineering and Information Technology, Universiti Malaysia Sabah (UMS), 88450 Kota Kinabalu, Sabah, Malaysia
Journal: IETE Technical Review, 2014, Vol. 31 (3), pp. 233-240
Source database: Taylor & Francis Journal
DOI: 10.1080/02564602.2014.906864
Keywords: Alert correlation; Intrusion detection system; Intrusion prediction system; Anomaly detection
Abstract (original language): In recent years, network intrusion attempts have been on the rise. Malicious attempts, including hacking, botnets, and worms, are used to intrude into and compromise organizations' networks, affecting the confidentiality, integrity and availability of their resources. In order to detect these malicious activities, intrusion detection systems (IDSs) have been widely deployed in corporate networks. An IDS sends alerts to security personnel when it observes anomalous activity in the network. Unfortunately, one drawback of IDSs is that they produce a large number of false-positive and non-relevant alerts that can overwhelm security personnel. Existing efforts to address this identify similarity and causality relationships between alerts, grouping...
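The abstract names the two relationships that correlation engines exploit: similarity between alerts (to collapse duplicates into one meta-alert) and causality between alerts (to chain meta-alerts into an attack scenario). The following is an added illustration written for this record, not code from the paper: it runs both steps over a constructed alert stream. The signature names (`scan`, `exploit`, `c2_beacon`), the host-bound prerequisite/consequence predicates and the 10-second aggregation window are all assumptions chosen for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple


@dataclass
class Alert:
    ts: datetime
    sig: str   # IDS signature name
    src: str   # source IP
    dst: str   # destination IP


@dataclass
class MetaAlert:
    sig: str
    src: str
    dst: str
    first: datetime
    last: datetime
    count: int = 1


def aggregate(alerts: List[Alert], window: timedelta = timedelta(seconds=10)) -> List[MetaAlert]:
    """Similarity-based aggregation: alerts with the same signature, source and
    destination that arrive within `window` of the previous one collapse into a
    single meta-alert, which is what removes duplicate noise from the queue."""
    metas: List[MetaAlert] = []
    for a in sorted(alerts, key=lambda x: x.ts):
        for m in metas:
            if (m.sig, m.src, m.dst) == (a.sig, a.src, a.dst) and a.ts - m.last <= window:
                m.last = a.ts
                m.count += 1
                break
        else:
            metas.append(MetaAlert(a.sig, a.src, a.dst, a.ts, a.ts))
    return metas


# Hypothetical prerequisite/consequence model (an assumption of this example,
# not the paper's): each predicate is bound to a host, so a consequence on one
# alert's target can satisfy a prerequisite on a later alert's source.
def prerequisites(m: MetaAlert) -> Set[str]:
    return {
        "scan": set(),
        "exploit": {f"recon:{m.dst}"},
        "c2_beacon": {f"shell:{m.src}"},
    }.get(m.sig, set())


def consequences(m: MetaAlert) -> Set[str]:
    return {
        "scan": {f"recon:{m.dst}"},
        "exploit": {f"shell:{m.dst}"},
        "c2_beacon": {f"c2:{m.src}"},
    }.get(m.sig, set())


def correlate(metas: List[MetaAlert]) -> List[Tuple[int, int]]:
    """Causality-based correlation: edge i -> j when a consequence of meta i
    matches a prerequisite of meta j and i was observed no later than j."""
    edges: List[Tuple[int, int]] = []
    for i, a in enumerate(metas):
        for j, b in enumerate(metas):
            if i != j and a.first <= b.first and consequences(a) & prerequisites(b):
                edges.append((i, j))
    return edges


def scenarios(metas: List[MetaAlert], edges: List[Tuple[int, int]], min_len: int = 2) -> List[List[str]]:
    """Walk the correlation graph from meta-alerts with no incoming edge and
    return each attack scenario as a list of signatures; isolated alerts
    (chains shorter than min_len) are dropped as non-relevant."""
    succ: Dict[int, List[int]] = {}
    has_pred: Set[int] = set()
    for i, j in edges:
        succ.setdefault(i, []).append(j)
        has_pred.add(j)
    out: List[List[str]] = []

    def walk(i: int, path: List[str]) -> None:
        path = path + [metas[i].sig]
        if not succ.get(i):
            if len(path) >= min_len:
                out.append(path)
            return
        for j in succ[i]:
            walk(j, path)

    for i in range(len(metas)):
        if i not in has_pred:
            walk(i, [])
    return out


# Constructed sample alert stream (not real IDS output): a burst of scan hits,
# an exploit against the scanned host, a beacon from that host, and one
# unrelated scan that should not be chained to anything.
T0 = datetime(2014, 1, 1, 12, 0, 0)
SAMPLE = (
    [Alert(T0 + timedelta(seconds=s), "scan", "10.0.0.5", "192.168.1.10") for s in range(5)]
    + [Alert(T0 + timedelta(seconds=60), "exploit", "10.0.0.5", "192.168.1.10"),
       Alert(T0 + timedelta(seconds=120), "c2_beacon", "192.168.1.10", "203.0.113.7"),
       Alert(T0 + timedelta(seconds=30), "scan", "10.0.0.9", "192.168.1.20")]
)


def run(alerts: List[Alert] = SAMPLE):
    metas = aggregate(alerts)
    edges = correlate(metas)
    return metas, edges, scenarios(metas, edges)


if __name__ == "__main__":
    metas, edges, chains = run()
    print(f"{len(SAMPLE)} raw alerts -> {len(metas)} meta-alerts")
    for m in metas:
        print(f"  {m.sig:10} {m.src} -> {m.dst} x{m.count}")
    print("scenarios:", chains)
```

On the sample stream the eight raw alerts reduce to four meta-alerts, the five scan hits become one entry with a count of 5, and only the scan/exploit/beacon sequence survives as a scenario; the unrelated scan is left out because nothing consumes its consequence. A real correlator would replace the hard-coded predicate tables with a knowledge base keyed on signature identifiers and would need to tolerate missed detections (a prerequisite that was never alerted on), which this example does not attempt.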
Full-text access: Taylor & Francis (partner)
Impact factor: 0.705 (2012)