New Types of Alert Correlation for Security Information and Event Management Systems
作者: Gustavo Gonzalez Granadillo , Mohammed El-Barbori , Herve Debar
DOI: 10.1109/NTMS.2016.7792462
关键词:
摘要: Current Security Information and Event Management systems (SIEMs) constitute the central platform of modern security operations centers. They gather events from multiple sensors (intrusion detection systems, anti-virus, firewalls, etc.), correlate these events, deliver synthetic views alerts for threat handling reporting. However, as number incidents, thus diversity received by SIEMs increases, need appropriate treatment has become essential. Alert correlation been proposed in order to alleviate this problem. alert techniques provide a better description detected incident concise view generated alerts, reducing their volume processing time. Although such support administrators huge they remain limited, since solutions do not information about attacker's behavior defender's capability reacting attacks. In paper, we propose two novel approaches. The first is based on policy enforcement defender models; second indicators. We therefore enrich current state art with complementary
sci-hub.se 参考文章(14)
Yosra Ben Mustapha, Hervé Débar, Grégoire Jacob, Limitation of Honeypot/Honeynet Databases to Enhance Alert Correlation Lecture Notes in Computer Science. pp. 203- 217 ,(2012) , 10.1007/978-3-642-33704-8_18
Francisco José Mora-Gimeno, Francisco Maciá-Pérez, Iren Lorenzo-Fonseca, Juan Antonio Gil-Martínez-Abarca, Diego Marcos-Jorquera, Virgilio Gilart-Iglesias, Security alert correlation using growing neural gas computational intelligence and security. pp. 76- 83 ,(2011) , 10.1007/978-3-642-21323-6_10
Huwaida Tagelsir Elshoush, Izzeldin Mohamed Osman, Intrusion Alert Correlation Framework: An Innovative Approach Springer, Dordrecht. pp. 405- 420 ,(2013) , 10.1007/978-94-007-6190-2_31
Seyed Ali Mirheidari, Sajjad Arshad, Rasool Jalili, Alert Correlation Algorithms: A Survey and Taxonomy International Symposium on Cyberspace Safety and Security. pp. 183- 197 ,(2013) , 10.1007/978-3-319-03584-0_14
Mireille Ducass, Ludovic M, Benjamin Morin, M4D4: a Logical Framework to Support Alert Correlation in Intrusion Detection ,(2008)
Benjamin Morin, Ludovic Mé, Hervé Debar, Mireille Ducassé, M2D2: a formal data model for IDS alert correlation recent advances in intrusion detection. pp. 115- 137 ,(2002) , 10.1007/3-540-36084-0_7
Jouni Viinikka, Hervé Debar, Ludovic Mé, Anssi Lehikoinen, Mika Tarvainen, Processing intrusion detection alert aggregates with time series modeling Information Fusion. ,vol. 10, pp. 312- 324 ,(2009) , 10.1016/J.INFFUS.2009.01.003
S. Cheung, U. Lindqvist, M.W. Fong, Modeling multistep cyber attacks for scenario recognition darpa information survivability conference and exposition. ,vol. 1, pp. 284- 292 ,(2003) , 10.1109/DISCEX.2003.1194892
Benjamin Morin, Ludovic Mé, Hervé Debar, Mireille Ducassé, A logic-based model to support alert correlation in intrusion detection Information Fusion. ,vol. 10, pp. 285- 299 ,(2009) , 10.1016/J.INFFUS.2009.01.005
Sean Barnum, Attack Patterns: Knowing Your Enemy in Order to Defeat Them ,(2007)