Integrating security operator knowledge and preferences to the alert correlation process

Bouzar-Benlabiod, Lydia; Benferhat, Salem; Boubana-Tebibel, Thouraya

doi:10.1109/icmwi.2010.5648098

Search citation statements

Order By: Relevance

Paper Sections

Select...

B Predefined Attack Scenario2

Non-monotonic Reasoning With DL Jclassic δϵ1

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2013

2020

Publication Types

Select...

Article2

Other2

Relationship

Self Cite0

Independent4

Authors

Journals

Cited by 4 publications

(3 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Bouzar-Benlabiod et al [30] integrates security operator knowledge and preferences to alerts correlation process using qualitative choice logic…”

Section: Non-monotonic Reasoning With DL Jclassic δϵmentioning

confidence: 99%

Contextual‐based approach to reduce false positives

Chergui

Boustia

2020

IET Information Security

View full text Add to dashboard Cite

“…Bouzar-Benlabiod et al [30] integrates security operator knowledge and preferences to alerts correlation process using qualitative choice logic…”

Section: Non-monotonic Reasoning With DL Jclassic δϵmentioning

confidence: 99%

Contextual‐based approach to reduce false positives

Chergui

Boustia

2020

IET Information Security

View full text Add to dashboard Cite

“…This approach uses explicit correlation and its objective is to detect complex attack scenarios [21]. The learning process either supervised or unsupervised is involved.…”

Section: B Predefined Attack Scenariomentioning

confidence: 99%

“…The main advantage for this method is that it is able to accurately to detect well-documented attacks derived from the libraries. But if it is a novel attack, the method will fail to detect the intrusion [5,20,21]. The main concern of this approach is the need of more complete and comprehensive scenario libraries, time and cost to build and maintain them are main concerns.…”

Section: B Predefined Attack Scenariomentioning

confidence: 99%

A Comparative Study of Alert Correlations for Intrusion Detection

Leau

Ramadass

Manickam

et al. 2013

2013 International Conference on Advanced Computer Science Applications and Technologies

View full text Add to dashboard Cite

The prevalent use of computer applications and communication technologies has rising the numbers of network intrusion attempts. These malicious attempts including hacking, botnets and works are pushing organization networks to a risky atmosphere where the intruder tries to compromise the confidentiality, integrity and availability of resources. In order to detect these malicious activities, Intrusion Detection Systems (IDSs) have been widely deployed in corporate networks. IDSs play an important role in monitoring traffic behaviors in a computer network, identifying the anomalous activity and notifying the security analyst with current network status. Unfortunately, one of the IDSs' drawbacks is they produce a large number of false positives and nonrelevant positives alerts that could overwhelm the security analyst. Therefore, the process of analyzing alerts in order to provide a more synthetic and high-level view of the attempted intrusions is needed. This process is called Alert Correlation. In this paper, we present commonly used alert correlation approaches and highlight their advantages and disadvantages from various perspectives. Subsequently, we summarize some current alert correlation models with their alert correlation approach.

show abstract