2012
DOI: 10.5120/8618-2480

An Operational Framework for Alert Correlation using a Novel Clustering Approach

Abstract: The Intrusion Detection System (IDS) is a well-known security feature that is widely deployed by practitioners. However, since the creation of the IDS, the enormous number of alerts generated by the detection sensors has always been a setback in deployment environments. Moreover, this obtrusive predicament gives rise to two further problems: the difficulty of processing the alerts accurately, and the decrease in performance, in terms of time and memory capacity, while processing these alert…

Cited by 5 publications (5 citation statements). References 20 publications.
“…According to Mohamed et al. [40], they claimed that the data mining approaches applied for the purpose of clustering are not suitable for two reasons:…”
Section: F. Hash-function Based (confidence: 99%)
“…Mohamed et al. [40] and others extracted three attributes from alerts (destination IP, signature type or id, and timestamp) and applied these attributes to an MD5 hash function. MD5 generates a unique hash value that is used for the initial clustering process.…”
Section: F. Hash-function Based (confidence: 99%)
“…Alarm Clustering: The idea is to group the same alarms together [102], possibly generated from different sensors. A time window is normally considered within which alarms are merged.…”
Section: Alarm Correlation (confidence: 99%)
“…Their proposed framework and the novel clustering method were architected solely with the intention of reducing the number of alerts generated by IDS. The clustering method was tested against two datasets: a globally used dataset, DARPA, and a live dataset from a cyber attack monitoring unit that uses the Snort engine to capture the alerts [34].…”
Section: Summary of Experiments on DARPA 2000 Scenarios (confidence: 99%)