• DocumentCode
    2966829
  • Title
    An Intrusion Alert Correlation Approach Based on Finite Automata
  • Author
    Liu, Lei ; Zheng, Kangfeng ; Yang, Yixian
  • Author_Institution
    Key Lab. Of Network & Inf. Attack, Beijing Univ. Of Posts & Telecommun., Beijing, China
  • fYear
    2010
  • fDate
    13-14 Oct. 2010
  • Firstpage
    80
  • Lastpage
    83
  • Abstract
    An intrusion alert analysis system correlates alerts generated by one or more IDS(s) and yields a succinct attack scenario that reflects an intrusion process. This paper presents an intrusion alert analysis model consisting of four modules: alert formalization, alert filtering, alert fusion and correlation, and scenario visualization. Alerts are fused and correlated using an approach based on finite automata. Three kinds of high-level views of attacks are generated, i.e. the process-critical scenario, the attacker-critical scenario, and the victim-critical scenario. Experiments show that the approach can reduce the redundancy of intrusion alerts and correlate them well.
  • Keywords
    correlation methods; filtering theory; finite automata; security of data; alert filtering; alert formalization; alert fusion; attacker-critical scenario; finite automata; intrusion alert analysis system; intrusion alert correlation; succinct attack scenario; victim-critical scenario; Analytical models; Automata; Correlation; Data mining; Filtering; Laboratories; Training data; IDS; alert correlation; alert fusion; finite automaton;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Communications and Intelligence Information Security (ICCIIS), 2010 International Conference on
  • Conference_Location
    Nanning
  • Print_ISBN
    978-1-4244-8649-6
  • Electronic_ISBN
    978-0-7695-4260-7
  • Type
    conf
  • DOI
    10.1109/ICCIIS.2010.37
  • Filename
    5629029