Strategic Management of Security Information through an Entropy-Based Alert Correlator
Author:
Abstract:
We present an integrated system to process in real time a huge incoming stream of alerts produced by current intrusion detection systems. A key component of this system includes an unsupervised clustering algorithm that combines a temporal sliding window, entropy tests, and expert rules to track the on-the-fly evolution of alert groups.
Similar sources:
A Knowledge-Based Alert Evaluation and Security Decision Support Framework
In this paper, a generic architecture for intrusion alert management, analysis and security decision support is described. The architecture is composed of four components: (1) Alert Aggregator, (2) Alert Evaluation and Security Decision Support Component, (3) Alert Correlator and (4) Synthetic Alert Report Generator. The core of this architecture is the Alert Evaluation and Security Decision Suppor...
Critical Success Factors in implementing information security governance (Case study: Iranian Central Oil Fields Company)
The oil industry, as one of the main industries of the country, has always faced cyber attacks and security threats. Therefore, the integration of information security in corporate governance is essential and a governance challenge. The integration of information security and corporate governance is called information security governance. In this research, we identified "critical success factor...
Exploring the infrastructures for establishment of electronic municipality (e-municipality) in metropolis city of Tabriz
The purpose of this study is to explore infrastructures for establishment of electronic municipality in metropolis city of Tabriz. This is a descriptive survey, and an applied one in terms of goal. The total sample consisted of 120 employees in the Statistics and Information Technology Department of the municipality as well as those working in sections related to information technolog...
An Intrusion Alert Correlator Based on Prerequisites of Intrusions
Current intrusion detection systems (IDSs) usually focus on detecting low-level attacks and/or anomalies; none of them can capture the logical steps or attack strategies behind these attacks. Consequently, the IDSs usually generate a large amount of alerts. In situations where there are intensive intrusive actions, not only will actual alerts be mixed with false alerts, but the amount of alerts...
A Mission-Impact-Based Approach to INFOSEC Alarm Correlation
We describe a mission-impact-based approach to the analysis of security alerts produced by spatially distributed heterogeneous information security (INFOSEC) devices, such as firewalls, intrusion detection systems, authentication services, and antivirus software. The intent of this work is to deliver an automated capability to reduce the time and cost of managing multiple INFOSEC devices throug...
Journal title:
Volume, issue:
Pages: -
Publication date: 2008