Title :
Alertclu: A Realtime Alert Aggregation and Correlation System
Author :
Zhihong, Tian ; Baoshan, Qin ; Jianwei, Ye ; Hongli, Zhang
Author_Institution :
Center of Comput. Network & Inf. Security Technol., Harbin Inst. of Technol., Harbin
Abstract :
Intrusion detection can be defined as the process of identifying malicious behavior that targets a network and its resources. An important problem in the field of intrusion detection is the management of alerts. This paper describes a realtime aggregation and correlation system named Alertclu. With the aid of similarity-based alert clustering analysing technology, Alertclu can improve the aggregation of intrusion detection system outputs and allow one to seamlessly incorporate additional information. In addition, Alertclu supports the operators by classifying alerts into true positives and false positives. The results of experiment show that the proposed system is able to reduce the numerous redundant alerts and effectively reduces the analyst operators´ workload.
Keywords :
pattern classification; pattern clustering; security of data; Alertclu; alert classification; alert management; correlation system; intrusion detection; malicious behavior identification; real-time alert aggregation system; similarity-based alert clustering analysing technology; Computer networks; Computerized monitoring; Data security; Humans; IP networks; Information analysis; Information security; Information systems; Intrusion detection; Protection;
Conference_Titel :
Cyberworlds, 2008 International Conference on
Conference_Location :
Hangzhou
Print_ISBN :
978-0-7695-3381-0
DOI :
10.1109/CW.2008.116
