Alert correlation analysis in intrusion detection

  • Authors:
  • Moon Sun Shin; Kyeong Ja Jeong

  • Affiliations:
  • Konkuk University, Korea; ChungCheong University, Korea

  • Venue:
  • ADMA'06 Proceedings of the Second International Conference on Advanced Data Mining and Applications
  • Year:
  • 2006

Abstract

With the growing deployment of host and network intrusion detection systems, managing the reports from these systems becomes critically important. Current intrusion detection systems focus on low-level attacks or anomalies. As a result, it is difficult for users or intrusion response systems to understand the intrusion behind the alerts and take appropriate actions. In this paper, we propose alert correlation analysis based on data mining techniques for the management of alerts. Because data mining tasks deal with the discovery of implicit data, we can discover the interconnections and interrelationships among the alerts. The results of analyzing the alert data are then used by the security policy server to construct security policy rules efficiently within the framework of PBNM (Policy Based Network Management). This helps not only to manage the faulty users and hosts but also to discover possible alert sequences.