Title :
Using Multilevel Correlation in a Unified Platform of Network Security Management: Design and Implementation
Author :
Wu, Zheng ; Xiao, Debao ; Xiao, Min ; Peng, Xi
Author_Institution :
Inst. of Comput. Network & Commun. Technol., CCNU, Wuhan
Abstract :
Alert correlation is the method used to analyze the implicit relations among attacks so as to discover real threats. Several alert correlation approaches have already been proposed, such as methods based on predefined knowledge and methods that need no predefined knowledge, but each has its drawbacks. Generally, methods based on predefined knowledge have no ability to recognize unknown attacks, while methods that do not rely on predefined knowledge lack the capability to analyze multistep attacks. This paper presents a multilevel correlation method used in the Unified Platform of Network Security Management (UPNSM). This method combines the two approaches mentioned above in analyzing multisource alerts. The goal is to filter out false positives, extract real threats, and discover unknown attacks. Experiments show that our multilevel correlation modeling and deployment techniques are effective in achieving this goal.
Keywords :
computer network management; security of data; alert correlation; knowledge based methods; multilevel correlation method; multisource alerts; multistep attacks; network security management; Communication system security; Computer network management; Computer security; Costs; Data security; Databases; Information security; Proposals; Protection; Variable structure systems; multilevel correlation; the Unified Platform of Network Security Management (UPNSM);
Conference_Titel :
Electronic Commerce and Security, 2008 International Symposium on
Conference_Location :
Guangzhou City
Print_ISBN :
978-0-7695-3258-5
DOI :
10.1109/ISECS.2008.85