Title :
Identification of correlated network intrusion alerts
Author :
Marchetti, Mirco ; Colajanni, Michele ; Manganiello, Fabio
Author_Institution :
Dept. of Inf. Eng., Univ. of Modena & Reggio Emilia, Modena, Italy
Abstract :
Attacks to information systems are becoming more sophisticated and traditional algorithms supporting Network Intrusion Detection Systems may be ineffective or cause too many false alarms. This paper describes a new algorithm for the correlation of alerts generated by Network Intrusion Detection Systems. It is specifically oriented to face multistep attacks where multiple intrusion activities belonging to the same attack scenario are performed within a small time window. This algorithm takes as its input the security alerts generated by a NIDS and, through a pseudo-bayesian alert correlation, is able to identify those that are likely to belong to the same multistep attack scenario. The proposed approach is completely unsupervised and applicable to security alerts generated by any kind of NIDS.
Keywords :
computer crime; computer network security; NIDS; correlated network intrusion alert; false alarm; information systems attack; pseudoBayesian alert correlation; Algorithm design and analysis; Correlation; Equations; Heuristic algorithms; Indexes; Intrusion detection;
Conference_Titel :
Cyberspace Safety and Security (CSS), 2011 Third International Workshop on
Conference_Location :
Milan
Print_ISBN :
978-1-4577-1034-6
DOI :
10.1109/CSS.2011.6058565
