DocumentCode :
493040
Title :
Alert correlation by a retrospective method
Author :
Ping Yi ; Xing, Hongkai ; Wu, Vue ; Li, Linchun
Author_Institution :
Sch. of Inf. Security Eng., Shanghai Jiao Tong Univ., Shanghai
fYear :
2009
fDate :
21-24 Jan. 2009
Firstpage :
1
Lastpage :
3
Abstract :
An IDS may generate many intrusion alerts. A general approach to this problem is to perform correlation analysis on these alerts and build attack scenarios. The authors present a method for alert correlation that traces results back to their causes. Because hacker attacks follow certain sequence characteristics, we correlate the alerts by tracing results back to their causes and obtain the correlated alerts. This method can find the internal relations of an intrusion and accurately identify intrusion targets. By matching successful attacks to the attacks that preceded them, we can greatly reduce the volume of data and improve the speed and efficiency of correlation analysis.
Keywords :
correlation methods; security of data; intrusion alert correlation analysis; intrusion detection system; intrusion target identification; retrospective method; Application software; Bayesian methods; Computer applications; Computer bugs; Computer hacking; Data security; Information security; Intrusion detection; National security; Performance analysis;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Networking, 2009. ICOIN 2009. International Conference on
Conference_Location :
Chiang Mai
Print_ISBN :
978-89-960761-3-1
Electronic_ISBN :
978-89-960761-3-1
Type :
conf
Filename :
4897328