Abstract

Alerts are the information generated by an Intrusion Detection System (IDS). Alert correlation is a method for identifying highly related alerts and analyzing them at a high level without discarding the detection information. In previous research, alert correlation models were built using pre-defined knowledge. In this research, we propose a new alert correlation model that uses a similarity approach to define the correlation between alerts by analyzing the features of alert flow traffic, without relying on pre-defined knowledge or preconditions. In our model, we introduce two steps for analyzing the features of alert flows, called Low-Level Alert Analysis and High-Level Alert Analysis. The results show that our model could define 84% (129 of 153) of the alert pairs extracted from the alert flow traffic as correlated.
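The following is an added illustration of the two-step similarity idea described above; it is not the authors' code, and the alert fields, the per-feature similarity functions, the weights, the time window and the 0.6 threshold are all assumptions chosen for the example.

```python
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Alert:
    alert_id: int
    ts: float        # seconds since epoch
    src_ip: str
    dst_ip: str
    dst_port: int
    signature: str


# Constructed sample IDS alerts (not taken from the paper or any real dataset).
ALERTS = [
    Alert(1, 100.0, "10.0.0.5", "192.0.2.10", 22, "SSH brute force"),
    Alert(2, 130.0, "10.0.0.5", "192.0.2.10", 22, "SSH brute force"),
    Alert(3, 140.0, "10.0.0.5", "192.0.2.10", 80, "Web scan"),
    Alert(4, 5000.0, "10.0.0.9", "198.51.100.7", 443, "TLS anomaly"),
]

# Assumed feature weights for the high-level aggregation (sum to 1.0).
WEIGHTS = {"src_ip": 0.3, "dst_ip": 0.3, "dst_port": 0.1, "signature": 0.1, "time": 0.2}


def low_level_similarity(a, b, time_window=300.0):
    """Low-level step: compare each alert feature independently, returning a
    per-feature similarity in [0, 1]. No attack knowledge or preconditions are used."""
    return {
        "src_ip": 1.0 if a.src_ip == b.src_ip else 0.0,
        "dst_ip": 1.0 if a.dst_ip == b.dst_ip else 0.0,
        "dst_port": 1.0 if a.dst_port == b.dst_port else 0.0,
        "signature": 1.0 if a.signature == b.signature else 0.0,
        # Closer in time means more similar; beyond the window it counts as 0.
        "time": max(0.0, 1.0 - abs(a.ts - b.ts) / time_window),
    }


def high_level_score(features, weights=WEIGHTS):
    """High-level step: combine the per-feature similarities into one pair score."""
    return sum(weights[k] * v for k, v in features.items())


def correlate(alerts, threshold=0.6):
    """Return (id_a, id_b, score) for every pair whose score reaches the threshold."""
    correlated = []
    for a, b in combinations(alerts, 2):
        score = high_level_score(low_level_similarity(a, b))
        if score >= threshold:
            correlated.append((a.alert_id, b.alert_id, score))
    return correlated


def correlated_fraction(alerts, threshold=0.6):
    """Fraction of all alert pairs judged correlated (the paper's 129/153-style figure)."""
    n_pairs = len(alerts) * (len(alerts) - 1) // 2
    return len(correlate(alerts, threshold)) / n_pairs
```

With the sample alerts, the three pairs among alerts 1, 2 and 3 are judged correlated and alert 4 pairs with none of them, giving a correlated fraction of 3/6.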
