Journal: International Journal of Network Security & Its Applications
Print ISSN: 0975-2307
Online ISSN: 0974-9330
Year: 2016
Volume: 8
Issue: 3
Page: 1
DOI: 10.5121/ijnsa.2016.8301
Publisher: Academy & Industry Research Collaboration Center (AIRCC)
Abstract: With the growing deployment of host-based and network-based intrusion detection systems in increasingly large and complex communication networks, managing the low-level alerts from these systems becomes critically important. Probes from multiple distributed firewalls (FWs), intrusion detection systems (IDSs) or intrusion prevention systems (IPSs) are collected throughout a monitored network, so that large series of alerts (alert streams) need to be fused. An alert indicates abnormal behaviour, which could potentially be a sign of an ongoing cyber attack. Unfortunately, in a real data communication network, administrators cannot manage the large number of alerts occurring per second, in particular since most alerts are false positives. Hence, an emerging track of security research has focused on alert correlation to better separate true positives from false positives. To achieve this goal we introduce Mission Oriented Network Analysis (MONA). This method builds on data correlation to derive network dependencies and manages security events by linking incoming alerts to those network dependencies.
Keywords: Network Dependency Analysis; Security Event Management; Data Correlation
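To make the idea in the abstract concrete, the following is an added illustration, not the paper's MONA method or any code from the authors: it derives service dependencies from a constructed set of flow records by temporal correlation (a flow into host B followed shortly by a flow from B to C is counted as support for the dependency B -> C), then links incoming alerts whose hosts are adjacent in that dependency graph and close in time into a single incident, leaving alerts with no dependency-linked neighbour as candidates for false positives. The flow and alert record layouts, the co-occurrence heuristic and the thresholds (`window`, `min_support`) are all assumptions made for this example.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample flow records (not from the paper): (timestamp_s, src_host, dst_host).
# Three client requests traverse web -> app -> db; the last two flows are unrelated noise.
FLOWS = [
    (0, "client1", "web"), (1, "web", "app"), (2, "app", "db"),
    (10, "client2", "web"), (11, "web", "app"), (12, "app", "db"),
    (20, "client3", "web"), (21, "web", "app"), (23, "app", "db"),
    (30, "client1", "mail"),
    (40, "backup", "db"),
]

# Constructed sample alert stream (not from the paper): (alert_id, timestamp_s, host, signature).
ALERTS = [
    ("a1", 100, "web", "SQL injection pattern in HTTP request"),
    ("a2", 101, "printer", "SNMP anomaly"),
    ("a3", 102, "app", "unusual outbound connection"),
    ("a4", 104, "db", "burst of failed logins"),
    ("a5", 500, "mail", "port scan"),
]


def derive_dependencies(flows, window=5, min_support=2):
    """Derive B -> C dependencies by temporal correlation of flow records.

    Each time a flow into B (X -> B) is followed within `window` seconds by a
    flow B -> C, the edge (B, C) gains one unit of support.  Edges supported
    fewer than `min_support` times are dropped as coincidences.  Returns a
    dict {(B, C): support}.  Assumed heuristic, not the paper's algorithm.
    """
    flows = sorted(flows)
    support = defaultdict(int)
    for i, (t_in, _, b) in enumerate(flows):
        for t_out, src, c in flows[i + 1:]:
            if t_out - t_in > window:
                break  # flows are time-sorted, nothing later can qualify
            if src == b and c != b:
                support[(b, c)] += 1
    return {edge: n for edge, n in support.items() if n >= min_support}


def correlate_alerts(alerts, deps, window=30):
    """Link alerts into incidents along the dependency graph.

    Two alerts are linked when their hosts are adjacent in `deps` (either
    direction) and they occur within `window` seconds of each other; linking
    is transitive (union-find).  Returns (incidents, unlinked): incidents are
    lists of alert ids of size >= 2, largest first; unlinked are the ids of
    alerts with no dependency-linked neighbour.
    """
    adjacent = defaultdict(set)
    for b, c in deps:
        adjacent[b].add(c)
        adjacent[c].add(b)

    parent = {aid: aid for aid, *_ in alerts}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for (id1, t1, h1, _), (id2, t2, h2, _) in combinations(alerts, 2):
        if h2 in adjacent[h1] and abs(t1 - t2) <= window:
            parent[find(id1)] = find(id2)

    groups = defaultdict(list)
    for aid, *_ in alerts:
        groups[find(aid)].append(aid)
    incidents = sorted((sorted(g) for g in groups.values() if len(g) > 1),
                       key=len, reverse=True)
    unlinked = sorted(g[0] for g in groups.values() if len(g) == 1)
    return incidents, unlinked


if __name__ == "__main__":
    deps = derive_dependencies(FLOWS)
    print("dependencies:", deps)
    incidents, unlinked = correlate_alerts(ALERTS, deps)
    print("incidents:", incidents)
    print("unlinked alerts (review as possible false positives):", unlinked)
```

On the constructed data the web, app and db alerts are fused into one incident because the flows established web -> app -> db as a dependency chain, while the printer and mail alerts stay unlinked. In practice the dependency graph would be rebuilt periodically from flow or proxy logs, and an unlinked alert should be deprioritised rather than discarded, since an attack on a host with no observed dependencies still produces exactly one such alert.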