Title :
Alert Correlation through Results Tracing back to Reasons
Author :
Ping, Yi ; Hongkai, Xing ; Yue, Wu ; Jiwen, Cai
Author_Institution :
Sch. of Inf. Security Eng., Shanghai Jiao Tong Univ., Shanghai
Abstract :
IDS may result in many intrusion alerts. A general approach for solving this problem is to do some correlation analysis with these alerts and build attack scenario. Author presents a method for alert correlation through results tracing back to reasons. According to hacker attacks linked to a certain sequence characteristics, we correlate the alerts through results tracing back to reasons and gain the correlated alerts. This method can found internal relations of invasion, to accurately identify intrusion targets. Through succeed attacks to match the previous attacks, we can greatly reduce the volume of data, and improve speed and efficiency for correlation analysis.
Keywords :
correlation methods; security of data; alert correlation; correlation analysis; intrusion alerts; intrusion detection system; results tracing back to reasons; Bayesian methods; Data security; Degradation; Information security; Intrusion detection; Mobile communication; Mobile computing; Performance analysis; Target tracking; Telecommunication traffic; alert correlation; intrusion detection;
Conference_Titel :
Communications and Mobile Computing, 2009. CMC '09. WRI International Conference on
Conference_Location :
Yunnan
Print_ISBN :
978-0-7695-3501-2
DOI :
10.1109/CMC.2009.327
