As telecommunication networks grow rapidly in scale, complexity, and heterogeneity, the efficiency of fault localization and the accuracy of anomaly detection have become factors that strongly influence decision making in large network management organizations. Telecommunication companies are therefore investing heavily in new technologies and projects aimed at finding efficient management solutions. One of the main challenges for network and system management operators is coping with the huge volume of alerts generated by the managed systems and networks. Alert correlation is one of the most widely used techniques for discovering anomalous behavior and speeding up fault localization. Although many different alert correlation techniques have been investigated, the area remains an active research field. This paper presents a survey of the state of the art in alert correlation techniques. Unlike other authors, we treat correlation as a problem shared by several fields of industry, and we therefore focus on showing the breadth of its influence. In addition, we propose an alert correlation architecture capable of modeling both current and prospective proposals. Finally, we review some of the most important commercial products currently available.
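The abstract describes alert correlation only at a high level. The following Python program is an added example, not code from the paper or from any of the products it reviews. It shows the two operations a practitioner usually means by "correlation": folding repeated alerts that fall within a time window into a single aggregated alert, and linking the survivors into multi-stage attack chains using a small requires/provides capability table keyed on the victim host. The alert format, the signature names, the capability table, the window and gap sizes, and the sample alert stream are all assumptions constructed for illustration; an alert whose prerequisite stage was never seen is reported separately rather than silently dropped.

```python
"""Minimal alert aggregation and correlation engine (added illustration;
not the surveyed paper's architecture or any vendor's implementation).
Alert schema, signatures, capability table and thresholds are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Alert:
    ts: float        # seconds since epoch
    sensor: str      # reporting sensor (kept from the first alert of a group)
    sig: str         # signature / alert type
    src: str
    dst: str
    count: int = 1   # raw alerts folded into this one


# Constructed sample stream (not real sensor output): a scan, repeated
# exploit attempts, a new admin login on the same victim, then an outbound
# connection from that victim; plus an unrelated scan and a login with no
# preceding stages on a different host.
RAW_ALERTS = [
    Alert(100.0, "ids1", "PORTSCAN", "10.0.0.5", "192.168.1.10"),
    Alert(101.0, "ids1", "PORTSCAN", "10.0.0.5", "192.168.1.10"),
    Alert(102.0, "ids2", "PORTSCAN", "10.0.0.5", "192.168.1.10"),
    Alert(130.0, "ids1", "EXPLOIT_SMB", "10.0.0.5", "192.168.1.10"),
    Alert(131.0, "ids1", "EXPLOIT_SMB", "10.0.0.5", "192.168.1.10"),
    Alert(200.0, "hids", "NEW_ADMIN_LOGIN", "10.0.0.5", "192.168.1.10"),
    Alert(260.0, "ids1", "OUTBOUND_C2", "192.168.1.10", "203.0.113.7"),
    Alert(300.0, "hids", "NEW_ADMIN_LOGIN", "10.0.0.5", "192.168.1.30"),
    Alert(5000.0, "ids1", "PORTSCAN", "10.0.0.9", "192.168.1.20"),
]

# Assumed requires/provides model: signature -> (capability the attacker must
# already hold on the victim, capability the alert grants).
CAPABILITY: Dict[str, Tuple[Optional[str], str]] = {
    "PORTSCAN":        (None,      "recon"),
    "EXPLOIT_SMB":     ("recon",   "exploit"),
    "NEW_ADMIN_LOGIN": ("exploit", "access"),
    "OUTBOUND_C2":     ("access",  "c2"),
}


def aggregate(alerts: List[Alert], window: float = 60.0) -> List[Alert]:
    """Fold alerts with identical (sig, src, dst) that occur within `window`
    seconds of the first alert of their group into one alert with a count."""
    out: List[Alert] = []
    open_groups: Dict[Tuple[str, str, str], Alert] = {}
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.sig, a.src, a.dst)
        g = open_groups.get(key)
        if g is not None and a.ts - g.ts <= window:
            g.count += a.count
            continue
        merged = Alert(a.ts, a.sensor, a.sig, a.src, a.dst, a.count)
        open_groups[key] = merged   # start (or restart) the group
        out.append(merged)
    return out


def victim_of(a: Alert) -> str:
    """Outbound beaconing names the compromised host as its source."""
    return a.src if a.sig == "OUTBOUND_C2" else a.dst


@dataclass
class Chain:
    victim: str
    steps: List[Alert] = field(default_factory=list)
    provides: str = ""   # capability the attacker holds after the last step


def correlate(alerts: List[Alert], max_gap: float = 600.0) -> Tuple[List[Chain], List[Alert]]:
    """Link alerts into per-victim chains when the alert's prerequisite matches
    what the chain already provides and the time gap is within `max_gap`.
    Alerts with unknown signatures or unmet prerequisites become orphans."""
    chains: List[Chain] = []
    orphans: List[Alert] = []
    for a in sorted(alerts, key=lambda x: x.ts):
        if a.sig not in CAPABILITY:
            orphans.append(a)
            continue
        req, prov = CAPABILITY[a.sig]
        victim = victim_of(a)
        if req is None:                       # entry stage opens a new chain
            chains.append(Chain(victim, [a], prov))
            continue
        for c in chains:
            if (c.victim == victim and c.provides == req
                    and a.ts - c.steps[-1].ts <= max_gap):
                c.steps.append(a)
                c.provides = prov
                break
        else:
            orphans.append(a)                 # prerequisite never observed
    return chains, orphans


def run(alerts: List[Alert] = RAW_ALERTS) -> Tuple[int, int, List[Chain], List[Alert]]:
    """Return (raw count, aggregated count, chains, orphans) for a stream."""
    agg = aggregate(alerts)
    chains, orphans = correlate(agg)
    return len(alerts), len(agg), chains, orphans


if __name__ == "__main__":
    raw, agg, chains, orphans = run()
    print(f"{raw} raw alerts -> {agg} aggregated -> {len(chains)} chains, {len(orphans)} orphans")
    for c in chains:
        print(c.victim, [f"{s.sig}x{s.count}" for s in c.steps])
```

The aggregation window and the maximum inter-stage gap are the two knobs that trade alert reduction against the risk of merging unrelated events; in a real deployment they would be tuned per signature rather than fixed globally as here.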