Abstract

An event correlation system receives events from various intrusion detection systems, reduces the number of false events, detects high-level (multi-stage) attacks, prioritizes incidents, predicts future attacks, and identifies the sources of attacks. Many correlation algorithms exist, each with its own advantages and disadvantages. This article provides an overview of existing event correlation algorithms, focusing on the algorithms used in correlation mechanisms. The authors introduce criteria related to accuracy, functionality and computational requirements, and use these criteria to compare the categories of algorithms. The review shows that each category of algorithms has its own strengths, and that an ideal event correlation system should combine the strengths of all categories. The authors conclude that these algorithms are effective and can be used as the correlator module of a SIEM-class system. Based on the results, they favor knowledge-based algorithms because of their high accuracy, which is a prerequisite for applying an algorithm in the field of information security, and their low resource consumption.
