Leau, Yu Beng and Sureswaran Ramadass and Selvakumar Manickam and A Tabet, Tamer (2014) A survey of intrusion alert correlation and its design considerations. IETE Technical Review (Institution of Electronics and Telecommunication Engineers, India), 31 (3). pp. 233-240. ISSN 2564602
|
Text
A_survey_of_intrusion_alert_correlation_and_its_design_considerations.pdf Download (45kB) | Preview |
Abstract
In recent years, network intrusion attempts have been on the rise. Malicious attempts, including hacking, botnets, and worms are used to intrude and compromise the organization's networks affecting their confidentiality, integrity and availability of resources. In order to detect these malicious activities, intrusion detection systems (IDSs) have been widely deployed in corporate networks. IDS sends alerts to security personnel in case of anomalous activities in the network. Unfortunately, one of the IDSs' drawbacks is they produce a large number of false positives and non-relevant positives alerts that could overwhelm the security personnel. Existing efforts to address this are done via identification of the similarities and causality relationships between alerts, grouping them into different clusters and prioritizing them after conducting the assessment on them. In this paper, we present commonly used alert correlation approaches and highlight the advantages and disadvantages from various perspectives. Existing alert correlation models are critically reviewed and compared in this paper. Subsequently, we emphasize four main considerations in alert correlation design which are: attack scenario either single packet or multi-stage attack, its architecture either centralized or distributed, performance assessment on accuracy of alert detection, and its processing time and the data to be used for testing.Copyright © 2014 by the IETE.
Item Type: | Article |
---|---|
Keyword: | Alert correlations; Anomaly detection; Intrusion detection system; Intrusion prediction system |
Subjects: | T Technology > TK Electrical engineering. Electronics Nuclear engineering |
Depositing User: | MDM FAUZIAH MATSIN |
Date Deposited: | 05 Feb 2015 11:56 |
Last Modified: | 12 Oct 2017 10:32 |
URI: | https://eprints.ums.edu.my/id/eprint/10385 |
Actions (login required)
View Item |