
Basic article information

  • Title: Intrusion Alert Correlation Technique Analysis for Heterogeneous Log
  • Authors: Robiah Yusof ; Siti Rahayu Selamat ; Shahrin Sahib
  • Journal: International Journal of Computer Science and Network Security
  • Print ISSN: 1738-7906
  • Publication year: 2008
  • Volume: 8
  • Issue: 9
  • Pages: 132-138
  • Publisher: International Journal of Computer Science and Network Security
  • Abstract:

    Intrusion alert correlation is a multi-step process that receives alerts from heterogeneous log resources as input and produces a high-level description of the malicious activity on the network. The objective of this study is to analyse the current alert correlation techniques and identify the significant criteria in each technique that can improve on Intrusion Detection System (IDS) problems such as being prone to alert flooding, contextual problems, false alerts and scalability. The existing alert correlation techniques were reviewed and analysed. From the analysis, six capability criteria have been identified to improve the current alert correlation techniques. They are the capability to do alert reduction, do alert clustering, identify multi-step attacks, reduce false alerts, detect known attacks and detect unknown attacks.

  • Keywords:

    IDS, Alert correlation, Heterogeneous log, capability criteria
