Intrusion Alert Correlation Technique Analysis for Heterogeneous Log
Intrusion alert correlation is multi-step processes that receives alerts from heterogeneous log resources as input and produce a high-level description of the malicious activity on the network. The objective of this study is to analyse the current alert correlation technique and identify the signifi...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | en |
| Published: |
Dr. Sang H. Lee
2008
|
| Subjects: | |
| Online Access: | http://eprints.utem.edu.my/id/eprint/59/1/20080919-accepted.pdf http://eprints.utem.edu.my/id/eprint/59/ http://www.ijcsns.org/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832715928029102080 |
|---|---|
| author | Yusof, R. Selamat, S. R. Sahib, S. |
| author_facet | Yusof, R. Selamat, S. R. Sahib, S. |
| author_sort | Yusof, R. |
| building | UTEM Library |
| collection | Institutional Repository |
| content_provider | Universiti Teknikal Malaysia Melaka |
| content_source | UTEM Institutional Repository |
| continent | Asia |
| country | Malaysia |
| description | Intrusion alert correlation is multi-step processes that receives alerts from heterogeneous log resources as input and produce a high-level description of the malicious activity on the network. The objective of this study is to analyse the current alert correlation technique and identify the significant criteria in each technique that can improve the Intrusion Detection System(IDS) problem such as prone to alert flooding, contextual problem, false alert and scalability. The existing alert correlation techniques had been reviewed and analysed. From the analysis, six capability criteria have been identified to
improve the current alert correlation technique. They are
capability to do alert reduction, alert clustering,identify multistep attack, reduce false alert, detect known attack and detect unknown attack. |
| format | Article |
| id | my.utem.eprints-59 |
| institution | Universiti Teknikal Malaysia Melaka |
| language | en |
| publishDate | 2008 |
| publisher | Dr. Sang H. Lee |
| record_format | eprints |
| spelling | my.utem.eprints-592021-09-19T16:53:38Z http://eprints.utem.edu.my/id/eprint/59/ Intrusion Alert Correlation Technique Analysis for Heterogeneous Log Yusof, R. Selamat, S. R. Sahib, S. Q Science (General) Intrusion alert correlation is multi-step processes that receives alerts from heterogeneous log resources as input and produce a high-level description of the malicious activity on the network. The objective of this study is to analyse the current alert correlation technique and identify the significant criteria in each technique that can improve the Intrusion Detection System(IDS) problem such as prone to alert flooding, contextual problem, false alert and scalability. The existing alert correlation techniques had been reviewed and analysed. From the analysis, six capability criteria have been identified to improve the current alert correlation technique. They are capability to do alert reduction, alert clustering,identify multistep attack, reduce false alert, detect known attack and detect unknown attack. Dr. Sang H. Lee 2008-09-30 Article PeerReviewed application/pdf en http://eprints.utem.edu.my/id/eprint/59/1/20080919-accepted.pdf Yusof, R. and Selamat, S. R. and Sahib, S. (2008) Intrusion Alert Correlation Technique Analysis for Heterogeneous Log. International Journal of Computer Science and Network Security , 8 (9). pp. 132-138. ISSN 1738-7906 http://www.ijcsns.org/ |
| spellingShingle | Q Science (General) Yusof, R. Selamat, S. R. Sahib, S. Intrusion Alert Correlation Technique Analysis for Heterogeneous Log |
| title | Intrusion Alert Correlation Technique Analysis for Heterogeneous Log |
| title_full | Intrusion Alert Correlation Technique Analysis for Heterogeneous Log |
| title_fullStr | Intrusion Alert Correlation Technique Analysis for Heterogeneous Log |
| title_full_unstemmed | Intrusion Alert Correlation Technique Analysis for Heterogeneous Log |
| title_short | Intrusion Alert Correlation Technique Analysis for Heterogeneous Log |
| title_sort | intrusion alert correlation technique analysis for heterogeneous log |
| topic | Q Science (General) |
| url | http://eprints.utem.edu.my/id/eprint/59/1/20080919-accepted.pdf http://eprints.utem.edu.my/id/eprint/59/ http://www.ijcsns.org/ |
| url_provider | http://eprints.utem.edu.my/ |