Title :
A complete operational architecture of alert correlation
Author :
Amiri, Fatemeh ; Gharaee, Hossein ; Enayati, Ali Reza
Author_Institution :
Center of Excellence: Control & Intell., Process. of Electr. & Comput. Eng., Univ. of Tehran, Tehran, Iran
Abstract :
To defend against various attacks, many security systems such as intrusion detection systems are deployed on hosts and networks to better protect digital assets. However, there are well-known problems with current intrusion detection systems. To better understand security threats from various sources and take appropriate responses, it is necessary to perform alert correlation. This paper proposes a general alert correlation architecture comprising four important components: log management, alert correlation, incident response and a knowledge base system. The focus is on describing the most important operations of the alert correlation component. The proposed architecture includes anomaly-based analysis in the alert correlation component. Different techniques for alert correlation are reviewed and compared. This study proposes that a hybrid model of multiple techniques leads to better performance of the alert correlation engine.
Keywords :
security of data; alert correlation architecture; alert correlation engine; anomaly-based analysis; incident response; intrusion detection systems; knowledge base system; log management; operational architecture; security threats; Computer architecture; Correlation; Intrusion detection; Knowledge based systems; Sensor phenomena and characterization; alert correlation; anomaly-based analysis; correlation techniques; knowledge base;
Conference_Titel :
Computational Aspects of Social Networks (CASoN), 2011 International Conference on
Conference_Location :
Salamanca
Print_ISBN :
978-1-4577-1132-9
DOI :
10.1109/CASON.2011.6085952