Conference paper

Hierarchical Distributed Alert Correlation Model

Alert correlation is a promising technique in intrusion detection. It takes the alerts produced by intrusion detection systems and produces compact reports that give a more succinct, high-level view of occurring or attempted intrusions, greatly improving the working efficiency of security experts. Traditional alert correlation systems adopt a centralized architecture that can easily be flooded by raw alarms. To address this issue, a distributed alert correlation model based on a hierarchical architecture is proposed. This model greatly improves the performance of alert correlation by integrating three novel methods. Experiments on the DARPA 2000 intrusion detection scenario-specific datasets show the effectiveness of this alert correlation model.

intrusion detection; hierarchical model; distributed alert correlation

Donghai Tian, Hu Changzhen, Yang Qi, Wang Jianqiao

Lab for Computer Network Defense Technology, Beijing Institute of Technology, Beijing, China; Lab for Database & Network Computing, South China University of Technology, Guangzhou, China; Zhejiang Education Institute, Hangzhou, China

International conference

The Fifth International Conference on Information Assurance and Security

Xi'an

English

765-768

2009-08-18 (date first posted on the Wanfang platform; not the paper's publication date)