Title :
Hierarchical Distributed Alert Correlation Model
Author :
Tian, Donghai ; Changzhen, Hu ; Qi, Yang ; Jianqiao, Wang
Author_Institution :
Lab. for Comput. Network Defense Technol., Beijing Inst. of Technol., Beijing, China
Abstract :
Alert correlation is a promising technique in intrusion detection. It takes the alerts produced by intrusion detection systems and produces compact reports that give a more succinct, high-level view of occurring or attempted intrusions, greatly improving the security expert's working efficiency. Traditional alert correlation systems adopt a centralized architecture that is easily flooded by raw alarms. To address this issue, a distributed alert correlation model based on a hierarchical architecture is proposed. The model greatly improves the performance of alert correlation by integrating three novel methods. Experiments on the 2000 DARPA intrusion detection scenario-specific datasets show the effectiveness of this alert correlation model.
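The abstract describes the architectural idea only: per-site correlators compress the raw alert stream so that a higher level is not flooded, and the higher level correlates across sites. The following is an added illustration of that two-level scheme, written for this page; it is not the authors' code and does not implement the paper's three methods, which the abstract does not describe. The aggregation keys (signature and source address), the time windows, the Alert/MetaAlert record shapes and the sample alerts are all assumptions constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


# Raw alert as an IDS sensor would emit it (constructed shape, not the paper's format).
@dataclass(frozen=True)
class Alert:
    ts: int       # seconds since epoch
    sensor: str   # emitting sensor
    sig: str      # signature / rule name
    src: str      # source address
    dst: str      # destination address


# Compact record a site correlator forwards upward instead of the raw alerts.
@dataclass
class MetaAlert:
    site: str
    sig: str
    src: str
    dsts: set
    first_ts: int
    last_ts: int
    count: int    # number of raw alerts folded into this record


def local_aggregate(alerts, site, window=60):
    """Level 1 (per-site): fold raw alerts that share (sig, src) and arrive within
    `window` seconds of the open meta-alert into one MetaAlert.  This is the
    compression step that keeps the raw flood from reaching the root.  The key
    and window are assumptions for this example."""
    out = []
    open_by_key = {}
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.sig, a.src)
        m = open_by_key.get(key)
        if m is not None and a.ts - m.last_ts <= window:
            m.dsts.add(a.dst)
            m.last_ts = a.ts
            m.count += 1
        else:
            m = MetaAlert(site, a.sig, a.src, {a.dst}, a.ts, a.ts, 1)
            open_by_key[key] = m
            out.append(m)
    return out


def root_correlate(meta_alerts, window=600):
    """Level 2 (root): link meta-alerts from any site that share a source address
    and fall within `window` seconds of each other into one cross-site session."""
    sessions = []
    by_src = defaultdict(list)
    for m in sorted(meta_alerts, key=lambda x: x.first_ts):
        by_src[m.src].append(m)
    for src, ms in by_src.items():
        cur = None
        for m in ms:
            if cur is not None and m.first_ts - cur["last_ts"] <= window:
                cur["sites"].add(m.site)
                cur["sigs"].add(m.sig)
                cur["last_ts"] = max(cur["last_ts"], m.last_ts)
                cur["raw_alerts"] += m.count
            else:
                cur = {"src": src, "sites": {m.site}, "sigs": {m.sig},
                       "first_ts": m.first_ts, "last_ts": m.last_ts,
                       "raw_alerts": m.count}
                sessions.append(cur)
    return sessions


def demo():
    """Constructed sample: a ping sweep at site A (100 raw alerts), the same source
    later brute-forcing SSH at site B (20 raw alerts), and one unrelated alert at
    site B.  Returns (meta-alerts forwarded to the root, root sessions)."""
    site_a = [Alert(1000 + i, "ids-a1", "ICMP PING", "10.0.0.9", f"192.168.1.{i}")
              for i in range(100)]
    site_b = [Alert(1300 + i, "ids-b1", "SSH brute force", "10.0.0.9", "192.168.2.5")
              for i in range(20)]
    site_b.append(Alert(5000, "ids-b1", "SQL injection", "10.0.0.77", "192.168.2.8"))
    meta = local_aggregate(site_a, "A") + local_aggregate(site_b, "B")
    return meta, root_correlate(meta)


if __name__ == "__main__":
    meta, sessions = demo()
    print(f"{sum(m.count for m in meta)} raw alerts -> {len(meta)} meta-alerts -> "
          f"{len(sessions)} sessions")
    for s in sessions:
        print(s)
```

In the sample, 121 raw alerts reach the root as three meta-alerts, and the root joins the site A sweep and the site B brute force into one session because they share a source within the window; the unrelated alert stays a session of its own. A real deployment would need the correlators to agree on time (clock skew across sites shifts alerts out of the window) and would have to bound the per-key state so the level-1 node cannot itself be exhausted by a flood of distinct keys.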
Keywords :
distributed processing; hierarchical systems; security of data; software architecture; centralized architecture; hierarchical architecture; hierarchical distributed alert correlation model; intrusion detection; security; Computer architecture; Computer networks; Computer science education; Computer security; Data security; Distributed computing; Distributed databases; Educational technology; Information security; Intrusion detection; distributed alert correlation; hierarchical model; intrusion detection;
Conference_Titel :
Information Assurance and Security, 2009. IAS '09. Fifth International Conference on
Conference_Location :
Xi'an
Print_ISBN :
978-0-7695-3744-3
DOI :
10.1109/IAS.2009.26