Alert correlation survey
| Autor: | Reza Sadoddin, Ali A. Ghorbani |
|---|---|
| Rok vydání: | 2006 |
| Předmět: | |
| Zdroj: | PST |
| DOI: | 10.1145/1501434.1501479 |
| Popis: | Managing raw alerts generated by various sensors are becoming of more significance to intrusion detection systems as more sensors with different capabilities are distributed spatially in the network. Alert Correlation addresses this issue by reducing, fusing and correlating raw alerts to provide a condensed, yet more meaningful view of the network from the intrusion standpoint. Techniques from a divers range of disciplines have been used by researchers for different aspects of correlation. This paper provides a survey of the state of the art in alert correlation techniques. Our main contribution is a two-fold classification of literature based on correlation framework and applied techniques. The previous works in each category have been described alongside with their strengths and weaknesses from our viewpoint. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|