• DocumentCode
    2940211
  • Title

    Alert Correlation through Results Tracing back to Reasons

  • Author

    Ping, Yi ; Hongkai, Xing ; Yue, Wu ; Jiwen, Cai

  • Author_Institution
    Sch. of Inf. Security Eng., Shanghai Jiao Tong Univ., Shanghai
  • Volume
    3
  • fYear
    2009
  • fDate
    6-8 Jan. 2009
  • Firstpage
    465
  • Lastpage
    469
  • Abstract
    An IDS may produce many intrusion alerts. A general approach to this problem is to perform correlation analysis on these alerts and build an attack scenario. The authors present a method for alert correlation through results tracing back to reasons. Based on the sequence characteristics that link hacker attacks, we correlate the alerts by tracing results back to reasons and obtain the correlated alerts. This method can find the internal relations of an intrusion and accurately identify intrusion targets. By matching successful attacks to the previous attacks, we can greatly reduce the volume of data and improve the speed and efficiency of correlation analysis.
  • Keywords
    correlation methods; security of data; alert correlation; correlation analysis; intrusion alerts; intrusion detection system; results tracing back to reasons; Bayesian methods; Data security; Degradation; Information security; Intrusion detection; Mobile communication; Mobile computing; Performance analysis; Target tracking; Telecommunication traffic; alert correlation; intrusion detection;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Communications and Mobile Computing, 2009. CMC '09. WRI International Conference on
  • Conference_Location
    Yunnan
  • Print_ISBN
    978-0-7695-3501-2
  • Type

    conf

  • DOI
    10.1109/CMC.2009.327
  • Filename
    4797297