• DocumentCode
    493040
  • Title

    Alert correlation by a retrospective method

  • Author

    Ping Yi ; Xing, Hongkai ; Wu, Vue ; Li, Linchun

  • Author_Institution
    Sch. of Inf. Security Eng., Shanghai Jiao Tong Univ., Shanghai
  • fYear
    2009
  • fDate
    21-24 Jan. 2009
  • Firstpage
    1
  • Lastpage
    3
  • Abstract
    IDS may result in many intrusion alerts. A general approach for solving this problem is to do some correlation analysis with these alerts and build attack scenario. Author presents a method for alert correlation through results tracing back to reasons. According to hacker attacks linked to a certain sequence characteristics, we correlate the alerts through results tracing back to reasons and gain the correlated alerts. This method can found internal relations of invasion, to accurately identify intrusion targets. Through succeed attacks to match the previous attacks, we can greatly reduce the volume of data, and improve speed and efficiency for correlation analysis.
  • Keywords
    correlation methods; security of data; intrusion alert correlation analysis; intrusion detection system; intrusion target identification; retrospective method; Application software; Bayesian methods; Computer applications; Computer bugs; Computer hacking; Data security; Information security; Intrusion detection; National security; Performance analysis;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Networking, 2009. ICOIN 2009. International Conference on
  • Conference_Location
    Chiang Mai
  • Print_ISBN
    978-89-960761-3-1
  • Electronic_ISBN
    978-89-960761-3-1
  • Type

    conf

  • Filename
    4897328
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=493040