Aggregation and Correlation of Intrusion-Detection Alerts
Published 2001. DOI: 10.1007/3-540-45474-8_6

Cited by 452 publications (242 citation statements). References 1 publication.
“…Formalization of security alerts allowed a whole new field of research to emerge, the security alert correlation [9]. The task of alert correlation is to put together corresponding alerts, find relations between alerts, and reconstruct the progress of an attack, but also to recognize the focus of an attacker and analyze the impact of potential security incidents.…”
Section: Related Work (mentioning), confidence: 99%
“…Most of the previous works [2], [3], [5], [6], [7] on alert clustering for finding structural correlation required strong dependencies on SE in developing and/or maintaining their correlation system. They either need pre-defined rules or human expert knowledge to manage and analyze the intrusion alerts.…”
Section: Related Work (mentioning), confidence: 99%
“…Worse, those alerts are of low quality because they are mixed with false positives, repeated warnings for the same attack, or alert notifications from erroneous activity [2]. Therefore, manually analyzing those alerts is tedious, time-consuming and error-prone [3].…”
Section: Introduction (mentioning), confidence: 99%
“…In order to use IDS alerts as evidence, many have proposed aggregating redundant alerts and correlating them to determine multi-step, multi-stage attacks (Dain and Cunningham, 2001;Debar and Wespi, 2001;Wang and Thomas, 2008). While such aggregation can help in reconstructing a multi-stage, multi-step attack scenario, to the best of our knowledge, none of this work has been integrated with legal acceptability standards of evidence.…”
Section: Introduction (mentioning), confidence: 99%
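The citation statements above describe the two tasks named in the paper's title: collapsing repeated warnings for the same attack into a single aggregated alert, and correlating the aggregates into a multi-step attack scenario. The Python below is an added illustration written for this page; it is not code from Debar and Wespi or from any of the citing papers. The alert schema, the signature names, the stage ordering and the time windows are all constructed assumptions chosen only to make the two stages visible on a small sample.

```python
"""Aggregate repeated IDS alerts, then correlate the result into attack steps.

Added example: the data model, signature names, stage ordering and time
windows below are constructed for illustration and are not from the paper.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Alert:
    """One raw IDS alert (constructed schema)."""
    ts: datetime
    signature: str
    src: str
    dst: str


@dataclass
class MetaAlert:
    """Aggregate of repeated alerts sharing (signature, src, dst)."""
    signature: str
    src: str
    dst: str
    first_seen: datetime
    last_seen: datetime
    count: int = 1


# Hypothetical progression of attack stages. A later stage that follows an
# earlier one from the same source against the same target is treated as the
# next step of a multi-step scenario.
STAGE = {"PORTSCAN": 0, "SSH_BRUTEFORCE": 1, "SSH_LOGIN_SUCCESS": 2}


def aggregate(alerts: List[Alert], window: timedelta = timedelta(seconds=60)) -> List[MetaAlert]:
    """Collapse alerts with an identical (signature, src, dst) key into one
    MetaAlert while consecutive occurrences arrive within `window`."""
    metas: List[MetaAlert] = []
    open_by_key: Dict[Tuple[str, str, str], MetaAlert] = {}
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.signature, a.src, a.dst)
        m = open_by_key.get(key)
        if m is not None and a.ts - m.last_seen <= window:
            m.count += 1            # repeated warning for the same attack
            m.last_seen = a.ts
        else:                       # gap too long: open a new meta-alert
            m = MetaAlert(a.signature, a.src, a.dst, a.ts, a.ts)
            metas.append(m)
            open_by_key[key] = m
    return metas


def correlate(metas: List[MetaAlert], max_gap: timedelta = timedelta(minutes=30)) -> List[List[MetaAlert]]:
    """Chain meta-alerts from the same (src, dst) pair into scenarios when each
    step advances the stage ordering and follows its predecessor within max_gap."""
    by_pair: Dict[Tuple[str, str], List[MetaAlert]] = {}
    for m in metas:
        by_pair.setdefault((m.src, m.dst), []).append(m)

    scenarios: List[List[MetaAlert]] = []
    for seq in by_pair.values():
        seq.sort(key=lambda m: m.first_seen)
        chain = [seq[0]]
        for m in seq[1:]:
            prev = chain[-1]
            advances = STAGE.get(m.signature, -1) > STAGE.get(prev.signature, -1)
            if advances and m.first_seen - prev.last_seen <= max_gap:
                chain.append(m)
            else:
                if len(chain) > 1:
                    scenarios.append(chain)
                chain = [m]
        if len(chain) > 1:          # a lone meta-alert is not a scenario
            scenarios.append(chain)
    return scenarios


def build_sample_alerts() -> List[Alert]:
    """Constructed alert stream: one noisy intrusion plus unrelated repeats."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    attacker, victim = "10.0.0.5", "192.168.1.10"
    alerts = [Alert(t0 + timedelta(seconds=i), "PORTSCAN", attacker, victim) for i in range(20)]
    alerts += [Alert(t0 + timedelta(minutes=2, seconds=i), "SSH_BRUTEFORCE", attacker, victim) for i in range(50)]
    alerts.append(Alert(t0 + timedelta(minutes=5), "SSH_LOGIN_SUCCESS", attacker, victim))
    # Repeated scan from another host that never progresses: aggregated, not correlated.
    alerts += [Alert(t0 + timedelta(hours=1, seconds=10 * i), "PORTSCAN", "10.0.0.7", "192.168.1.20") for i in range(3)]
    # Late scan from the original attacker, outside the window: a new meta-alert.
    alerts.append(Alert(t0 + timedelta(hours=2), "PORTSCAN", attacker, victim))
    return alerts


def describe(scenario: List[MetaAlert]) -> str:
    """Render a scenario as its ordered steps with repeat counts."""
    return " -> ".join(f"{m.signature}(x{m.count})" for m in scenario)


if __name__ == "__main__":
    raw = build_sample_alerts()
    metas = aggregate(raw)
    print(f"{len(raw)} raw alerts -> {len(metas)} meta-alerts")
    for s in correlate(metas):
        print(f"scenario {s[0].src} -> {s[0].dst}: {describe(s)}")
```

On the constructed stream, 75 raw alerts collapse to five meta-alerts, and only the attacker that progresses from scan to brute force to a successful login yields a scenario; the other host's repeated scan is aggregated but, having no next stage, is not reported as a multi-step attack. The stage table and windows stand in for the pre-defined rules or expert knowledge that the second citation statement notes most correlation systems depend on.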