   Alert Correlation Technique Analysis for Diverse Log  
   
Authors: Robiah Y., Rahayu S.S., Shahrin S., Faizal M.A.
Source: Journal of Advanced Manufacturing Technology - 2008 - Volume: 2 - Issue: 2 - Pages: 65-76
Abstract: Alert correlation is a process that analyses the alerts produced by one or more diverse devices and provides a more succinct and high-level view of occurring or attempted intrusions. The objective of this study is to analyse the current alert correlation techniques and identify the significant criteria in each technique that can improve on intrusion detection system (IDS) problems such as proneness to alert flooding, contextual problems, false alerts and scalability. The existing alert correlation techniques have been reviewed and analysed. From the analysis, six capability criteria have been identified to improve the current alert correlation techniques: the capability to do alert reduction, do alert clustering, identify multi-step attacks, reduce false alerts, detect known attacks and detect unknown attacks. A combination of techniques is proposed.
Keywords: IDS, Alert correlation, diverse devices log, capability criteria
Address: Universiti Teknikal Malaysia, Fakulti Teknologi Maklumat & Komunikasi, Malaysia, Universiti Teknikal Malaysia, Fakulti Teknologi Maklumat & Komunikasi, Malaysia, University Technical Malaysia, Faculty Information Technology and Communication, Malaysia, University Technical Malaysia, Faculty Information Technology and Communication, Malaysia
Email: robiah@utem.edu.my
 
     
   
  
 
 

Copyright 2023
Islamic World Science Citation Center
All Rights Reserved