A survey of intrusion alert correlation and its design considerations

Leau , Yu Beng and Sureswaran Ramadass, and Selvakumar Manickam, and A Tabet, Tamer (2014) A survey of intrusion alert correlation and its design considerations. IETE Technical Review (Institution of Electronics and Telecommunication Engineers, India), 31 (3). pp. 233-240. ISSN 2564602

[img]
Preview
PDF
43Kb

Official URL: http://dx.doi.org/10.1080/02564602.2014.906864

Abstract

In recent years, network intrusion attempts have been on the rise. Malicious attempts, including hacking, botnets, and worms are used to intrude and compromise the organization's networks affecting their confidentiality, integrity and availability of resources. In order to detect these malicious activities, intrusion detection systems (IDSs) have been widely deployed in corporate networks. IDS sends alerts to security personnel in case of anomalous activities in the network. Unfortunately, one of the IDSs' drawbacks is they produce a large number of false positives and non-relevant positives alerts that could overwhelm the security personnel. Existing efforts to address this are done via identification of the similarities and causality relationships between alerts, grouping them into different clusters and prioritizing them after conducting the assessment on them. In this paper, we present commonly used alert correlation approaches and highlight the advantages and disadvantages from various perspectives. Existing alert correlation models are critically reviewed and compared in this paper. Subsequently, we emphasize four main considerations in alert correlation design which are: attack scenario either single packet or multi-stage attack, its architecture either centralized or distributed, performance assessment on accuracy of alert detection, and its processing time and the data to be used for testing.Copyright © 2014 by the IETE.

Item Type:Article
Uncontrolled Keywords:Alert correlations; Anomaly detection; Intrusion detection system; Intrusion prediction system
Subjects:T Technology > TK Electrical engineering. Electronics Nuclear engineering
ID Code:10385
Deposited By:IR Admin
Deposited On:05 Feb 2015 11:56
Last Modified:17 Feb 2015 12:36

Repository Staff Only: item control page


Browse Repository
Collection
   Articles
   Book
   Speeches
   Thesis
   UMS News
Search
Quick Search

   Latest Repository

Link to other Malaysia University Institutional Repository

Malaysia University Institutional Repository