2008 International Conference on Convergence and Hybrid Information Technology 2008
DOI: 10.1109/ichit.2008.197

Alert Fusion Based on Cluster and Correlation Analysis

Cited by 18 publications
(8 citation statements)
References 10 publications
“…Xu and Ning [44] Alsubhi et al [7] Xiao et al [45] Yu and Rubo [46] Frequency D Frequency represents the frequency of the similar incidents that occurred within a particular period of time. Unlike the similarity indicator, the frequency identifies the similarity between vulnerabilities in terms of number of occurrences within a particular period of time.…”
Section: Valdes and Skinner [47] (mentioning)
confidence: 99%
“…Organised as a tree, the hierarchy‐based approach consists of a set of specific–general relations, where leaf nodes denote the most specific concepts (original attributes value) and the root represents the most general concept in the hierarchy. For example, the hierarchy‐based approach has been used in many alert correlation studies in correlating alerts using IP address such as studies in and . In this study, the similarity indicator calculates its value using IP addresses and port similarity.…”
Section: Experimental Evaluation (mentioning)
confidence: 99%
“…In particular, a cooperative module was proposed for intrusion detection, which implemented functions of alert management, clustering and correlation [32]. Xiao et al proposed a multilevel alert fusion model to abstract high-level attack scenarios to reduce redundancy [33]. As an alternative, fuzzy set theory was applied by Maggi et al to design robust alert aggregation algorithms [34].…”
Section: Related Work (mentioning)
confidence: 99%
“…One of the proposed techniques works by defining preconditions and post-conditions and finding the causal relations of alerts, and then building the attack scenarios [8][9][10][11]. This technique is the most related to our own.…”
Section: Related Work (mentioning)
confidence: 99%