Probabilistic Alert Correlation
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Aggregation and Correlation of Intrusion-Detection Alerts
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Snort 2.0 Intrusion Detection
Techniques and tools for analyzing intrusion alerts
ACM Transactions on Information and System Security (TISSEC)
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Hi-index | 0.00 |
Due to a false alert or mass alerts by current intrusion detection systems, the system administrators have difficulties in real-time analysis of an intrusion. In order to solve this problem, it has been studied to analyze the intrusion situation or correlation. However, the existing situation analysis method is grouping with the similarity of measures, and it makes hard to respond appropriately to an elaborate attack. Also, the result of the method is so abstract that the raw information before reduction must be analyzed to realize the intrusion. In this paper, we reduce the number of alerts using the aggregation and correlation and classify the alerts by IP addresses and attack types. Through this method, our tool can find a cunningly cloaked attack flow as well as general attack situation, and more, they are visualized. So an administrator can easily understand the correct attack flow.