  • DocumentCode
    479267
  • Title

    An IDS Alert Fusion Approach Based on Happened Before Relation

  • Author

    Xu, Ming ; Wu, Ting ; Tang, Jingfan

  • Author_Institution
    Inst. of Comput. Applic. Technol., Hangzhou Dianzi Univ., Hangzhou
  • fYear
    2008
  • fDate
    12-14 Oct. 2008
  • Firstpage
    1
  • Lastpage
    4
  • Abstract
    Alert fusion is a process that analyzes the alerts produced by one or more intrusion detection systems and provides a more succinct and high-level view of security events or attempted intrusions. Unfortunately, serializing alerts by detection or creation time hides the intrinsic order between alerts, which is a disadvantage for alert fusion. In this paper, we propose an alert fusion method based on a happened before relation, which reveals the intrinsic order between alerts. Utilizing the happened before relation can improve the performance of alert correlation and reduce the interference with other correlation components. The experimental results show that our approach is effective in achieving alert reduction and aggregation.
  • Keywords
    security of data; alert fusion method; alert reduction; happened before relation; intrusion detection systems; security event; Aggregates; Computer applications; Costs; Educational institutions; Fuses; Information analysis; Interference; Intrusion detection; Noise reduction; Sensor phenomena and characterization;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Wireless Communications, Networking and Mobile Computing, 2008. WiCOM '08. 4th International Conference on
  • Conference_Location
    Dalian
  • Print_ISBN
    978-1-4244-2107-7
  • Electronic_ISBN
    978-1-4244-2108-4
  • Type

    conf

  • DOI
    10.1109/WiCom.2008.2937
  • Filename
    4681126