Abstract

Network Intrusion Detection Systems (NIDS) are considered essential mechanisms for ensuring reliable security. In an intrusion detection context, neither of the two main detection approaches (signature-based and anomaly-based) is fully satisfactory. False positives (alerts raised on non-attacks) and false negatives (undetected attacks) are the major limitations of such systems. Moreover, the generated alerts are elementary and extremely numerous. Alert correlation techniques are therefore used to provide a complementary analysis that links elementary alerts and gives a more global view of an intrusion. We propose an alert correlation and aggregation framework based on the requires/provides model. The objective is to discover the logical relationships between atomic alerts that are potentially part of multi-stage attacks. The obtained results show that the proposed system can effectively detect coordinated attacks with a minimum of false positives.
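The following is an added illustration of the requires/provides correlation idea described in the abstract; it is not the paper's implementation. It assumes a small constructed knowledge base of four attack types (port_scan, service_probe, buffer_overflow, data_exfil), each with prerequisite and consequence predicates bound to the alert's source or target host, and it treats a prerequisite as satisfied when any earlier alert within a time window provides one of the required predicates (a deliberate simplification of the model's logical conditions). Correlated alerts are then aggregated into scenarios; alerts that no earlier alert enables stay elementary, which is where the false-positive reduction comes from.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed knowledge base (not the paper's): for each alert type, the
# predicates an attacker must already hold (requires) and the ones the
# step yields (provides). {src}/{dst} are bound to the alert's hosts.
# The exfiltration step is keyed on {src}, since the compromised host is
# the *source* of an outbound exfiltration alert.
ATTACK_MODEL = {
    "port_scan":       {"requires": set(),
                        "provides": {"knows_open_ports({dst})"}},
    "service_probe":   {"requires": {"knows_open_ports({dst})"},
                        "provides": {"knows_vuln_service({dst})"}},
    "buffer_overflow": {"requires": {"knows_vuln_service({dst})"},
                        "provides": {"root_access({dst})"}},
    "data_exfil":      {"requires": {"root_access({src})"},
                        "provides": {"data_leaked({src})"}},
}


@dataclass(frozen=True)
class Alert:
    ts: int      # timestamp in seconds
    id: str
    kind: str    # signature or anomaly class reported by the NIDS
    src: str
    dst: str


def bind(preds, alert):
    """Instantiate predicate templates with the alert's attributes."""
    return {p.format(src=alert.src, dst=alert.dst) for p in preds}


def correlate(alerts, window=3600):
    """Return edges (earlier_id, later_id) where the earlier alert provides a
    predicate the later alert requires, within `window` seconds. Alerts of an
    unknown type stay elementary and are never linked."""
    edges = []
    history = []   # (alert, provided predicates) for alerts seen so far
    for a in sorted(alerts, key=lambda x: (x.ts, x.id)):
        model = ATTACK_MODEL.get(a.kind)
        if model is None:
            continue
        needs = bind(model["requires"], a)
        for earlier, offers in history:
            if a.ts - earlier.ts <= window and needs & offers:
                edges.append((earlier.id, a.id))
        history.append((a, bind(model["provides"], a)))
    return edges


def aggregate(alerts, edges):
    """Group alerts into scenarios: connected components of the correlation
    graph. Returns scenarios in order of first alert, each a tuple of alert
    ids in time order; single-alert scenarios are uncorrelated elementary
    alerts."""
    adj = defaultdict(set)
    for u, v in edges:
        adj[u].add(v)
        adj[v].add(u)
    ts = {a.id: a.ts for a in alerts}
    seen, scenarios = set(), []
    for a in sorted(alerts, key=lambda x: (x.ts, x.id)):
        if a.id in seen:
            continue
        comp, stack = set(), [a.id]
        while stack:
            n = stack.pop()
            if n in comp:
                continue
            comp.add(n)
            stack.extend(adj[n] - comp)
        seen |= comp
        scenarios.append(tuple(sorted(comp, key=lambda i: (ts[i], i))))
    return scenarios


# Constructed alert stream: one four-step intrusion against 10.0.0.5, a lone
# scan of 10.0.0.9, and an overflow attempt against 10.0.0.21 with no recon
# before it. Only the first should be aggregated into a multi-stage scenario.
SAMPLE = [
    Alert(100, "a1", "port_scan",       "198.51.100.7", "10.0.0.5"),
    Alert(160, "a2", "service_probe",   "198.51.100.7", "10.0.0.5"),
    Alert(400, "a3", "buffer_overflow", "198.51.100.7", "10.0.0.5"),
    Alert(900, "a4", "data_exfil",      "10.0.0.5",     "203.0.113.9"),
    Alert(120, "a5", "port_scan",       "198.51.100.8", "10.0.0.9"),
    Alert(500, "a6", "buffer_overflow", "198.51.100.9", "10.0.0.21"),
]

if __name__ == "__main__":
    links = correlate(SAMPLE)
    for scenario in aggregate(SAMPLE, links):
        label = "multi-stage" if len(scenario) > 1 else "elementary"
        print(label, " -> ".join(scenario))
```

On this input the scan, probe, overflow and exfiltration against 10.0.0.5 chain into one scenario, while the isolated scan and the unprepared overflow attempt remain elementary alerts. Shrinking the window breaks later links, so the window is a tunable that trades missed slow attacks against spurious correlations.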
