| 题名 |
A Rule-Based Temporal Alert Correlation System |
| DOI |
10.6633/IJNS.200707.5(1).08 |
| 作者 |
Peyman Kabiri;Ali A. Ghorbani |
| 关键词 |
alert aggregation ; alert correlation ; intrusion detection ; temporal alert correlation |
| 期刊名称 |
International Journal of Network Security |
| 卷期/出版年月 |
5卷1期(2007 / 07 / 01) |
| 页次 |
66 - 72 |
| 内容语文 |
英文 |
| 英文摘要 |
This paper reports a research work to address the problem of the large number of alerts generated by the detectors in an intrusion detection system. Some of these alerts are redundant and have to be aggregated; others may follow a certain attack pattern that should be correlated. Generally, this operation is referred to as alert correlation. A more detailed explanation of the alert correlation is presented in the paper. Paper proposes a rule-based approach to solve this problem. In the reported work, an inference engine is implemented to derive the correlation between the alerts using a scenario-based knowledge base and to aggregate redundant alerts. Experimental results based on sample alerts and scenarios are reported in this paper. |
| 主题分类 |
基礎與應用科學 >
資訊科學 |
