Abstract
Alert correlation is the method used to analyze the implicit relation among attacks so as to discover real threats. There already have been several proposals on alert correlation, such as the methods based on predefined knowledge and the methods need no predefined knowledge. But they all have their drawbacks. Generally, the predefined knowledge based methods have no ability to recognize unknown attacks, and the non predefined knowledge based methods lack the capability to analyze multistep attacks. This paper presents a multilevel correlation method used in the Unified Platform of Network Security Management (UPNSM). This method combines the two methods mentioned above together in analyzing multisource alerts. The goal is to pull out false positive, extract real threats and discover unknown attacks. Experiments show that our multilevel correlation modeling and deployment techniques are effective in achieving this goal.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
