期刊名称:International Journal of Computer Science and Network Security
印刷版ISSN:1738-7906
出版年度:2007
卷号:7
期号:12
页码:210-215
出版社:International Journal of Computer Science and Network Security
摘要:With the growing deployment of networks and the Internet, the importance of network security has increased. Recently, however, systems that detect intrusions, which are important in security countermeasures, have been unable to provide proper analysis or an effective defense mechanism. Instead, they have overwhelmed human operators with a large volume of intrusion detection alerts. In this paper, we present an alert correlation technique based on causal relationships between alerts. The goal of the proposed technique is not only to group alerts together, but also to represent the correlated alerts in a way that they reflect the corresponding attack scenarios.
