Alert Correlation Algorithms: A Survey and Taxonomy
Alert correlation is a system which receives alerts from heterogeneous Intrusion Detection Systems and reduces false alerts, detects high-level patterns of attacks, increases the meaning of occurred incidents, predicts the future states of attacks, and detects the root cause of attacks. To reach these goals, many algorithms have been introduced in the world, each with its own advantages and disadvantages. In this paper, we present a comprehensive survey of already proposed alert correlation algorithms. The approach of this survey is mainly focused on algorithms in correlation engines which can work in enterprise and practical networks. Having this aim in mind, many features related to accuracy, functionality, and computation power are introduced, and all algorithm categories are assessed against these features. The result of this survey shows that each category of algorithms has its own strengths, and an ideal correlation framework should carry the strong features of each category.
Keywords: Network Security, Intrusion Detection System, Alert, Alert Correlation, Attack Scenario, Similarity-based, Knowledge-based, Statistical-based
Seyed Ali Mirheidari, Sajjad Arshad, Rasool Jalili
Computer Engineering Department, Sharif University of Technology, International Campus; Data and Network Security Laboratory (DNSL), Sharif University of Technology; Data and Network Security Laboratory (DNSL), Sharif University of Technology; Computer Engineering Dep
International conference
The 5th International Symposium on Cyberspace Safety and Security (CSS2013)
Zhangjiajie
English
183-197
2013-11-13 (date the paper was first posted on the Wanfang platform, not the paper's publication date)