Alert Management and Correlation

Authors: Ali A. Ghorbani, Wei Lu, Mahbod Tavallaee

DOI: 10.1007/978-0-387-88771-5_6

Abstract: Alert management includes functions to cluster, merge and correlate alerts. The clustering and merging functions recognize alerts that correspond to the same occurrence of an attack and create a new alert that merges data contained in these various alerts. The correlation function can relate different alerts to build a big picture of the attack. The correlated alerts can also be used for cooperative intrusion detection and tracing an attack to its source.
