In this paper, we present a framework design and implementation that provides a scalable solution for two important components of alert correlation: alert verification and event correlation. In our framework, a broker application maintains a database containing IDS alerts while software agents perform alert verification and event correlation of alert instances. Agents are designed to run on multiple hosts to ensure scalability of complex tasks. Agents communicate with the broker via a web service architecture, making them easy to build and deploy in heterogeneous networks. Three IDSs are supported to show that the framework can be applied to differing IDS paradigms.