A survey of intrusion alert correlation and its design considerations

Leau, Yu Beng and Sureswaran Ramadass, and Selvakumar Manickam, and A Tabet, Tamer (2014) A survey of intrusion alert correlation and its design considerations. IETE Technical Review (Institution of Electronics and Telecommunication Engineers, India), 31 (3). pp. 233-240. ISSN 2564602

[img]
Preview
Text
A_survey_of_intrusion_alert_correlation_and_its_design_considerations.pdf

Download (45kB) | Preview

Abstract

In recent years, network intrusion attempts have been on the rise. Malicious attempts, including hacking, botnets, and worms are used to intrude and compromise the organization's networks affecting their confidentiality, integrity and availability of resources. In order to detect these malicious activities, intrusion detection systems (IDSs) have been widely deployed in corporate networks. IDS sends alerts to security personnel in case of anomalous activities in the network. Unfortunately, one of the IDSs' drawbacks is they produce a large number of false positives and non-relevant positives alerts that could overwhelm the security personnel. Existing efforts to address this are done via identification of the similarities and causality relationships between alerts, grouping them into different clusters and prioritizing them after conducting the assessment on them. In this paper, we present commonly used alert correlation approaches and highlight the advantages and disadvantages from various perspectives. Existing alert correlation models are critically reviewed and compared in this paper. Subsequently, we emphasize four main considerations in alert correlation design which are: attack scenario either single packet or multi-stage attack, its architecture either centralized or distributed, performance assessment on accuracy of alert detection, and its processing time and the data to be used for testing.Copyright © 2014 by the IETE.

Item Type: Article
Uncontrolled Keywords: Alert correlations; Anomaly detection; Intrusion detection system; Intrusion prediction system
Subjects: T Technology > TK Electrical engineering. Electronics Nuclear engineering
Depositing User: MDM FAUZIAH MATSIN
Date Deposited: 05 Feb 2015 03:56
Last Modified: 12 Oct 2017 02:32
URI: http://eprints.ums.edu.my/id/eprint/10385

Actions (login required)

View Item View Item

Browse Repository
Collection
   Articles
   Book
   Speeches
   Thesis
   UMS News
Search
Quick Search

   Latest Repository

Link to other Malaysia University Institutional Repository

Malaysia University Institutional Repository