A Comparative Study of Alert Correlations for Intrusion Detection
作者: Leau Yu Beng , Sureswaran Ramadass , Selvakumar Manickam , Tan Soo Fun
关键词:
摘要: The prevalent use of computer applications and communication technologies has rising the numbers network intrusion attempts. These malicious attempts including hacking, botnets works are pushing organization networks to a risky atmosphere where intruder tries compromise confidentiality, integrity availability resources. In order detect these activities, Intrusion Detection Systems (IDSs) have been widely deployed in corporate networks. IDSs play an important role monitoring traffic behaviors network, identifying anomalous activity notifying security analyst with current status. Unfortunately, one IDSs' drawbacks is they produce large number false positives non-relevant alerts that could overwhelm analyst. Therefore, process analyzing provide more synthetic high-level view attempted intrusions needed. This called Alert Correlation. this paper, we present commonly used alert correlation approaches highlight their advantages disadvantages from various perspectives. Subsequently, summarize some models approach.
ums.edu.my
computer.org
researchgate.net 参考文章(35)
Ali A. Ghorbani, Bin Zhu, Alert Correlation for Extracting Attack Strategies International Journal of Network Security. ,vol. 3, pp. 244- 258 ,(2006)
Salem Benferhat, Karima Sedki, ALERT CORRELATION BASED ON A LOGICAL HANDLING OF ADMINISTRATOR PREFERENCES AND KNOWLEDGE international conference on security and cryptography. pp. 50- 56 ,(2008)
G.C. Tjhai, M. Papadaki, S.M. Furnell, N.L. Clarke, Investigating the problem of IDS false alarms: An experimental study using Snort information security conference. pp. 253- 267 ,(2008) , 10.1007/978-0-387-09699-5_17
Karim Tabia, Philippe Leray, Handling IDS' reliability in alert correlation: A Bayesian network-based model for handling IDS's reliability and controlling prediction/false alarm rate tradeoffs international conference on security and cryptography. pp. 14- 24 ,(2010)
Reza Anbarestani, Behzad Akbari, Fariba Fathi, An iterative alert correlation method for extracting network intrusion scenarios iranian conference on electrical engineering. pp. 684- 689 ,(2012) , 10.1109/IRANIANCEE.2012.6292441
Fatemeh Kavousi, Behzad Akbari, Automatic learning of attack behavior patterns using Bayesian networks international symposium on telecommunications. pp. 999- 1004 ,(2012) , 10.1109/ISTEL.2012.6483132
Lydia Bouzar-Benlabiod, Salem Benferhat, Thouraya Boubana-Tebibel, Integrating security operator knowledge and preferences to the alert correlation process 2010 International Conference on Machine and Web Intelligence. pp. 416- 420 ,(2010) , 10.1109/ICMWI.2010.5648098
Zhaowen Lin, Shan Li, Yan Ma, Real-Time Intrusion Alert Correlation System Based on Prerequisites and Consequence 2010 International Conference on Computational Intelligence and Software Engineering. pp. 1- 5 ,(2010) , 10.1109/WICOM.2010.5601285
Chenn-Jung Huang, Ching-Yu Li, Yu-Wu Wang, Chin-Fa Lin, Jia-Jian Liao, Kai-Wen Hu, An Adaptive Rule-Based Intrusion Alert Correlation Detection Method international conference on networking. pp. 222- 226 ,(2010) , 10.1109/ICNDC.2010.53
Chenfeng Vincent Zhou, Christopher Leckie, Shanika Karunasekera, A survey of coordinated attacks and collaborative intrusion detection Computers & Security. ,vol. 29, pp. 124- 140 ,(2010) , 10.1016/J.COSE.2009.06.008