• DocumentCode
    2006494
  • Title
    Identification of correlated network intrusion alerts
  • Author
    Marchetti, Mirco ; Colajanni, Michele ; Manganiello, Fabio
  • Author_Institution
    Dept. of Inf. Eng., Univ. of Modena & Reggio Emilia, Modena, Italy
  • fYear
    2011
  • fDate
    8-8 Sept. 2011
  • Firstpage
    15
  • Lastpage
    20
  • Abstract
    Attacks on information systems are becoming more sophisticated, and the traditional algorithms supporting Network Intrusion Detection Systems (NIDS) may be ineffective or may raise too many false alarms. This paper describes a new algorithm for correlating the alerts generated by NIDS. It is specifically oriented towards multistep attacks, where multiple intrusion activities belonging to the same attack scenario are performed within a small time window. The algorithm takes as its input the security alerts generated by a NIDS and, through a pseudo-Bayesian alert correlation, identifies those that are likely to belong to the same multistep attack scenario. The proposed approach is completely unsupervised and applicable to security alerts generated by any kind of NIDS.
  • Keywords
    computer crime; computer network security; NIDS; correlated network intrusion alert; false alarm; information systems attack; pseudoBayesian alert correlation; Algorithm design and analysis; Correlation; Equations; Heuristic algorithms; Indexes; Intrusion detection;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Cyberspace Safety and Security (CSS), 2011 Third International Workshop on
  • Conference_Location
    Milan
  • Print_ISBN
    978-1-4577-1034-6
  • Type
    conf
  • DOI
    10.1109/CSS.2011.6058565
  • Filename
    6058565