Boosting performance in attack intention recognition by integrating multiple techniques
Frontiers of Computer Science in China
Survey A model-based survey of alert correlation techniques
Computer Networks: The International Journal of Computer and Telecommunications Networking
Intrusion detection systems (IDS) often produce a large number of poor-quality alerts, which are insufficient to support rapid identification of ongoing attacks or to predict an intruder's next likely goal. Several alert correlation techniques have been proposed to facilitate the analysis of intrusion alerts. However, many of these works operate directly on the alerts; they do not distinguish between alerts and intruders' attack actions. In addition, many works are not grounded in any standard taxonomy, so their associated classification schemes are ad hoc and localized. This paper focuses on reducing alerts to attack actions using the IDMEF and CVE standards in the preprocessor of our ontology-based intrusion alert correlation system. First, we introduce our intrusion alert correlation system. Then we present each module of the preprocessor: the local preprocessor, the IDMEF parser, the alert-to-attack module and the attack-to-ontology module.
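As an added illustration of the IDMEF parser and alert-to-attack stages described in the abstract (example code written for this page, not the authors' preprocessor), the following Python reads IDMEF alerts, pulls the CVE reference from each alert's Classification, and collapses redundant alerts into one attack action per (CVE, source, target). The element layout follows RFC 4765 and the `http://iana.org/idmef` namespace; the sample alerts and their CVE identifiers are constructed placeholders, not real vulnerabilities.

```python
"""Reduce IDMEF alerts to attack actions (added example, not the paper's code).

Assumptions: alerts follow the RFC 4765 IDMEF layout, CVE references are
carried as <Reference origin="cve"><name>...</name></Reference> under the
alert's Classification, and the sample below is constructed for this demo.
"""
import xml.etree.ElementTree as ET
from collections import OrderedDict
from dataclasses import dataclass, field

IDMEF_NS = "http://iana.org/idmef"  # IDMEF namespace from RFC 4765
NS = {"idmef": IDMEF_NS}


def _alert(messageid, src, dst, text, cve=None):
    """Build one constructed IDMEF Alert element as a string."""
    ref = ""
    if cve:  # CVE ids below are placeholders, not real identifiers
        ref = (f'<idmef:Reference origin="cve"><idmef:name>{cve}</idmef:name>'
               f'<idmef:url>https://example.invalid/{cve}</idmef:url></idmef:Reference>')
    return (f'<idmef:Alert messageid="{messageid}">'
            f'<idmef:Analyzer analyzerid="sensor-1"/>'
            f'<idmef:CreateTime>2000-01-01T00:00:00Z</idmef:CreateTime>'
            f'<idmef:Source><idmef:Node><idmef:Address category="ipv4-addr">'
            f'<idmef:address>{src}</idmef:address></idmef:Address></idmef:Node></idmef:Source>'
            f'<idmef:Target><idmef:Node><idmef:Address category="ipv4-addr">'
            f'<idmef:address>{dst}</idmef:address></idmef:Address></idmef:Node></idmef:Target>'
            f'<idmef:Classification text="{text}">{ref}</idmef:Classification>'
            f'</idmef:Alert>')


# Constructed sample: a1 and a2 report the same action twice (same placeholder
# CVE, source and target); a3 carries no CVE reference at all.
SAMPLE_IDMEF = (
    f'<idmef:IDMEF-Message xmlns:idmef="{IDMEF_NS}" version="1.0">'
    + _alert("a1", "192.0.2.10", "198.51.100.5", "Placeholder exploit", "CVE-0000-0001")
    + _alert("a2", "192.0.2.10", "198.51.100.5", "Placeholder exploit", "CVE-0000-0001")
    + _alert("a3", "192.0.2.11", "198.51.100.5", "Suspicious login")
    + "</idmef:IDMEF-Message>"
)


@dataclass
class AttackAction:
    """One attack action, labelled by CVE id (or classification text when absent)."""
    label: str
    source: str
    target: str
    has_cve: bool
    alert_ids: list = field(default_factory=list)


def _text(elem, path):
    node = elem.find(path, NS)
    return node.text.strip() if node is not None and node.text else "unknown"


def parse_alerts(xml_text):
    """IDMEF parser stage: return one dict per Alert with the fields we need."""
    root = ET.fromstring(xml_text)
    alerts = []
    for alert in root.findall("idmef:Alert", NS):
        cls = alert.find("idmef:Classification", NS)
        ref = alert.find("idmef:Classification/idmef:Reference[@origin='cve']/idmef:name", NS)
        alerts.append({
            "id": alert.get("messageid"),
            "name": cls.get("text") if cls is not None else "unknown",
            "cve": ref.text.strip() if ref is not None and ref.text else None,
            "source": _text(alert, "idmef:Source/idmef:Node/idmef:Address/idmef:address"),
            "target": _text(alert, "idmef:Target/idmef:Node/idmef:Address/idmef:address"),
        })
    return alerts


def alerts_to_attacks(alerts):
    """Alert-to-attack stage: merge alerts that describe the same action."""
    actions = OrderedDict()
    for a in alerts:
        label = a["cve"] or a["name"]  # fall back to the sensor's own label
        key = (label, a["source"], a["target"])
        if key not in actions:
            actions[key] = AttackAction(label, a["source"], a["target"], a["cve"] is not None)
        actions[key].alert_ids.append(a["id"])
    return list(actions.values())


if __name__ == "__main__":
    for action in alerts_to_attacks(parse_alerts(SAMPLE_IDMEF)):
        print(action)
```

The CVE-keyed label is what the later attack-to-ontology stage can map onto a standard taxonomy; alerts without a CVE reference keep the sensor's classification text so they are not silently dropped, and the `alert_ids` list preserves the link back to the raw alerts for later investigation.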