An Operational Framework for Alert Correlation using a Novel Clustering Approach


Similar resources

A Novel Framework for Alert Correlation and Understanding

We propose a novel framework named Hidden Colored PetriNet for Alert Correlation and Understanding (HCPN-ACU) in intrusion detection system. This model is based upon the premise that intrusion detection may be viewed as an inference problem – in other words, we seek to show that system misusers are carrying out a sequence of steps to violate system security policies in some way, with earlier st...


An Improved Framework for Intrusion Alert Correlation

Alert correlation analyzes the alerts from one or more collaborative Intrusion Detection Systems (IDSs) to produce a concise overview of security-related activity on the network. The process consists of multiple components, each responsible for a different aspect of the overall correlation goal. The sequence order of the correlation components affects the correlation process performance. The to...


An Online Adaptive Approach to Alert Correlation

The current intrusion detection systems (IDSs) generate a tremendous number of intrusion alerts. In practice, managing and analyzing this large number of low-level alerts is one of the most challenging tasks for a system administrator. In this context alert correlation techniques aiming to provide a succinct and high-level view of attacks gained a lot of interest. Although, a variety of methods...


A Probabilistic-Based Framework for INFOSEC Alert Correlation

To my dear family: Thank you for all of your love, support and encouragements. ACKNOWLEDGEMENTS I would like to express my sincere and deep gratitude to my advisor, Dr. Wenke Lee, for his great support, guidance, patience and encouragement during the past several years. Wenke has not only guided and helped me on my research work, but also taught me important values of life. He can always di...


Alert correlation and prediction using data mining and HMM

Intrusion Detection Systems (IDSs) are security tools widely used in computer networks. While they seem to be promising technologies, they pose some serious drawbacks: When utilized in large and high traffic networks, IDSs generate high volumes of low-level alerts which are hardly manageable. Accordingly, there emerged a recent track of security research, focused on alert correlation, which ext...



Journal

Journal title: International Journal of Computer Applications

Year: 2012

ISSN: 0975-8887

DOI: 10.5120/8618-2480