Conference Topics

A Survey of Alert Fusion Techniques for Security Incident

Security incidents have been imposing tremendous threats on today's network information systems. To protect these information systems from the increasing threat of intrusion, various kinds of detection systems and sensors for security incidents have been developed. The main disadvantages of current systems and sensors are a high false detection rate and the lack of post-incident decision support capability. To minimize these drawbacks, various alert fusion technologies have been proposed in recent years. This paper presents a general summary of these technologies. Basic models and key technologies of alert fusion are analyzed and discussed. Moreover, important aggregation and correlation algorithms are discussed. Finally, we make concluding remarks by predicting the development tendencies of alert correlation technologies.

Tianning Zang Xiaochun Yun Yongzheng Zhang

Harbin Engineering University; Institute of Computing Technology of the Chinese Academy of Science; Institute of Computing Technology of the Chinese Academy of Science

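International conference

The Ninth International Conference on Web-Age Information Management (WAIM 2008)

Zhangjiajie

English

2008-07-20 (date first made available online on the Wanfang platform; does not represent the paper's publication date)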