Abstract

Alert correlation is a process that analyzes the raw alerts produced by one or more intrusion detection systems, reduces nonrelevant ones, groups together alerts based on similarity and causality relationships between them and finally makes aconcise and meaningful view of occurring or attempted intrusions. Unfortunately, most correlation approaches use just a few components that aim only specific correlation issues and so cause reduction in correlation rate. This paper uses a general correlation model that has already been presented in [9] and is consisted of a comprehensive set of components. Then some changes are applied in the component that is related to multi-step attack scenario to detect them better and so to improve semantic level of alerts. The results of experiments with DARPA 2000 data set obviously show the effectiveness of the proposed approach. DOI: http://dx.doi.org/10.11591/ijece.v3i4.2771

Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
An Online Adaptive Approach to Alert Correlation
Hanli Ren ... Natalia Stakhanova
-
Hanli Ren, et. al.Hanli Ren ... Natalia Stakhanova
01 Jan 2009
A Survey of Intrusion Alert Correlation and Its Design Considerations
Leau Yu Beng ... Tan Soo Fun
IETE Technical Review | VOL. 31
Leau Yu Beng, et. al.Leau Yu Beng ... Tan Soo Fun
04 May 2014
Exploiting the Outcome of Outlier Detection for Novel Attack Pattern Recognition on Streaming Data
Michael Heigl ... Dalibor Fiala
Electronics | VOL. 10
Michael Heigl, et. al.Michael Heigl ... Dalibor Fiala
04 Sep 2021
Multistep Attack Detection and Alert Correlation in Intrusion Detection Systems
Fabio Manganiello ... Mirco Marchetti
-
Fabio Manganiello, et. al.Fabio Manganiello ... Mirco Marchetti
01 Jan 2010
View more papers

More From: International Journal of Electrical and Computer Engineering (IJECE)

Paper Title
Journal
Date
Author
Design a smart platform translating Arabic sign language to English language
Maha Alamri ... Sonia Lajmi
International Journal of Electrical and Computer Engineering (IJECE) | VOL. 14
Maha Alamri, et. al.Maha Alamri ... Sonia Lajmi
01 Aug 2024
Deep learning based multi disease classification of plant leaves using light weight residual architecture
Muniyandi Sadhasivam ... James Gladson Maria Britto
International Journal of Electrical and Computer Engineering (IJECE) | VOL. 14
Muniyandi Sadhasivam, et. al.Muniyandi Sadhasivam ... James Gladson Maria Britto
01 Aug 2024
Robust parameter determination approach based on red-tailed hawk optimization used for lithium-ion battery
Sulaiman Z Almutair ... Yahia Bahaa Hassan
International Journal of Electrical and Computer Engineering (IJECE) | VOL. 14
Sulaiman Z Almutair, et. al.Sulaiman Z Almutair ... Yahia Bahaa Hassan
01 Aug 2024
Message steganography using separate locations and blocks
Rashad J Rasras ... Ziad Alqadi
International Journal of Electrical and Computer Engineering (IJECE) | VOL. 14
Rashad J Rasras, et. al.Rashad J Rasras ... Ziad Alqadi
01 Aug 2024
View more papers