• DocumentCode
    2565713
  • Title
    Real-Time Intrusion Alert Correlation System Based on Prerequisites and Consequence
  • Author
    Lin Zhaowen ; Li Shan ; Ma Yan
  • Author_Institution
    Inst. of Networking Technol., Beijing Univ. of Posts & Telecommun., Beijing, China
  • fYear
    2010
  • fDate
    23-25 Sept. 2010
  • Firstpage
    1
  • Lastpage
    5
  • Abstract
    On the basis of research and analysis of current intrusion alert correlation technologies, a real-time intrusion alert correlation model based on prerequisites and consequences (RIAC) is proposed, which can adapt to large-scale, distributed environments and provide an on-line correlation function. The RIAC system employs distributed agents to collect alert information on-line and adopts the prerequisite-consequence correlation method to analyse alerts and discover the attack scenario and intrusion intent behind them. A prototype is implemented, and validation testing and real-time testing are carried out using a real IPv6 dataset. The results show that RIAC can correlate alerts and discover attack scenarios efficiently and in a timely manner.
  • Keywords
    IP networks; correlation methods; consequence; current intrusion alerts correlation technologies; discovery attack scenario; prerequisites; real IPv6 dataset; real-time intrusion alert correlation system; Correlation; Intrusion detection; Knowledge based systems; Real time systems; Testing; Time factors
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Wireless Communications Networking and Mobile Computing (WiCOM), 2010 6th International Conference on
  • Conference_Location
    Chengdu
  • Print_ISBN
    978-1-4244-3708-5
  • Electronic_ISBN
    978-1-4244-3709-2
  • Type
    conf
  • DOI
    10.1109/WICOM.2010.5601285
  • Filename
    5601285