Abstract
On the basis of research into and analysis of current intrusion alert correlation technologies, a real-time intrusion alert correlation model based on prerequisites and consequences (RIAC) is proposed, which can adapt to large-scale, distributed environments and provide on-line correlation. The RIAC system employs distributed agents to collect alert information on-line and adopts the prerequisite-consequence correlation method to analyze and discover the attack scenarios and intrusion intent behind alerts. A prototype is implemented, and validation testing and real-time testing are carried out using a real IPv6 dataset. The results show that RIAC can correlate alerts and discover attack scenarios efficiently and in a timely manner.
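As an added illustration of the on-line prerequisite-consequence correlation the abstract describes (this is not the paper's RIAC code), the following Python sketch links each arriving alert to earlier alerts whose consequences satisfy its prerequisites on the same target host, then reads attack scenarios off the resulting prepare-for graph. The alert types, predicates, timestamps, hosts and the 600-second window are constructed assumptions.

```python
from collections import namedtuple

# Constructed knowledge base (an assumption, not the paper's): alert type ->
# (prerequisites, consequences), predicates that hold for the alert's target host.
KNOWLEDGE = {"ICMP_PING_SWEEP": (set(), {"HostAlive"}),
             "PORT_SCAN": ({"HostAlive"}, {"ServiceExposed"}),
             "EXPLOIT_ATTEMPT": ({"ServiceExposed"}, {"HostCompromised"}),
             "OUTBOUND_C2": ({"HostCompromised"}, {"DataExfil"})}

# ts in seconds (constructed timestamps); target = victim host the predicates refer to
Alert = namedtuple("Alert", "id type ts target")

class OnlineCorrelator:
    """Processes each alert once on arrival against earlier alerts' consequences."""
    def __init__(self, kb=KNOWLEDGE, window=600.0):
        self.kb, self.window = kb, window
        self.satisfied = {}               # (predicate, target) -> ids establishing it
        self.alerts, self.edges = {}, []  # edges: (earlier_id, later_id) "prepares for"

    def feed(self, alert):  # returns the prepare-for edges this alert completes
        prereqs, conseqs = self.kb.get(alert.type, (set(), set()))
        self.alerts[alert.id] = alert
        new = [(prev, alert.id) for p in prereqs
               for prev in self.satisfied.get((p, alert.target), [])
               if 0 <= alert.ts - self.alerts[prev].ts <= self.window]  # in-order stream assumed
        self.edges.extend(new)
        for c in conseqs:
            self.satisfied.setdefault((c, alert.target), []).append(alert.id)
        return new

    def scenarios(self):  # every root-to-leaf chain of the graph, as alert-type lists
        succ = {}
        for a, b in self.edges:
            succ.setdefault(a, []).append(b)
        roots = [i for i in self.alerts if i in succ and i not in {b for _, b in self.edges}]
        def walk(i):
            if i not in succ:
                return [[self.alerts[i].type]]
            return [[self.alerts[i].type] + rest for n in succ[i] for rest in walk(n)]
        return [chain for r in roots for chain in walk(r)]

def demo():  # constructed stream: one chain against 10.0.0.5 plus unrelated/stale noise
    c = OnlineCorrelator()
    for a in [Alert(1, "ICMP_PING_SWEEP", 0, "10.0.0.5"),
              Alert(2, "PORT_SCAN", 30, "10.0.0.5"),
              Alert(3, "PORT_SCAN", 40, "10.0.0.9"),       # other target: not linked
              Alert(4, "EXPLOIT_ATTEMPT", 120, "10.0.0.5"),
              Alert(5, "OUTBOUND_C2", 1000, "10.0.0.5")]:  # outside window: not linked
        c.feed(a)
    return c.scenarios()
```

Because correlation happens per alert as it arrives, the work per alert is bounded by the number of earlier alerts that established its prerequisites on that host, which is what allows the graph to be maintained on-line rather than rebuilt from a stored batch.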