• DocumentCode
    259870
  • Title

    An analysis of correlations of intrusion alerts in an NREN

  • Author

    Bartos, Vaclav ; Zadnik, Martin

  • Author_Institution
    Brno Univ. of Technol., Brno, Czech Republic
  • fYear
    2014
  • fDate
    1-3 Dec. 2014
  • Firstpage
    305
  • Lastpage
    309
  • Abstract
    The ever-increasing impact and number of network attacks have driven many organizations to deploy various network monitoring and analysis systems such as honeypots, intrusion detection systems, log analyzers and flow monitors. Besides improving these systems, a logical next step is to collect and correlate alerts from multiple systems distributed across organizations. The idea is to leverage the joint effect of multiple monitoring systems to build a more robust and efficient system, ideally lacking the shortcomings of the individual contributing systems. This paper presents an analysis of alert reports gathered from several such detectors deployed in a national research and education network (NREN). The analysis focuses on the correlations of reported events in the temporal domain as well as on the correlations of different event types.
  • Keywords
    computer network security; NREN; National Research And Education Network; alert report analysis; flow monitors; honeypots; intrusion alerts; intrusion detection systems; log analyzers; network analysis systems; network attacks; network monitoring systems; Correlation; Detectors; Educational institutions; IP networks; Internet; Monitoring; Ports (Computers);
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Computer Aided Modeling and Design of Communication Links and Networks (CAMAD), 2014 IEEE 19th International Workshop on
  • Conference_Location
    Athens
  • Type

    conf

  • DOI
    10.1109/CAMAD.2014.7033255
  • Filename
    7033255