DocumentCode :
2565713
Title :
Real-Time Intrusion Alert Correlation System Based on Prerequisites and Consequence
Author :
Lin Zhaowen ; Li Shan ; Ma Yan
Author_Institution :
Inst. of Networking Technol., Beijing Univ. of Posts & Telecommun., Beijing, China
fYear :
2010
fDate :
23-25 Sept. 2010
Firstpage :
1
Lastpage :
5
Abstract :
On the basis of research and analysis of current intrusion alert correlation technologies, a real-time intrusion alert correlation model based on prerequisite and consequence (RIAC) is proposed, which can adapt to large-scale, distributed environments and provide an on-line correlation function. The RIAC system employs distributed agents to collect alert information on-line and adopts the prerequisite-consequence correlation method to analyze and discover the attack scenarios and intrusion intent behind alerts. A prototype is implemented, and validation testing and real-time testing are carried out using a real IPv6 dataset. The results show that RIAC can correlate alerts and discover attack scenarios efficiently and in a timely manner.
Keywords :
IP networks; correlation methods; consequence; current intrusion alerts correlation technologies; discovery attack scenario; prerequisites; real IPv6 dataset; real-time intrusion alert correlation system; Correlation; Intrusion detection; Knowledge based systems; Real time systems; Testing; Time factors;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Wireless Communications Networking and Mobile Computing (WiCOM), 2010 6th International Conference on
Conference_Location :
Chengdu
Print_ISBN :
978-1-4244-3708-5
Electronic_ISBN :
978-1-4244-3709-2
Type :
conf
DOI :
10.1109/WICOM.2010.5601285
Filename :
5601285