Sciweavers

IJNSEC
2007

A Rule-based Temporal Alert Correlation System

13 years 11 months ago
A Rule-based Temporal Alert Correlation System
This paper reports a research work to address the problem of the large number of alerts generated by the detectors in an intrusion detection system. Some of these alerts are redundant and have to be aggregated; others may follow a certain attack pattern that should be correlated. Generally, this operation is referred to as alert correlation. A more detailed explanation of the alert correlation is presented in the paper. Paper proposes a rule-based approach to solve this problem. In the reported work, an inference engine is implemented to derive the correlation between the alerts using a scenario-based knowledge base and to aggregate redundant alerts. Experimental results based on sample alerts and scenarios are reported in this paper.
Peyman Kabiri, Ali A. Ghorbani
Added 15 Dec 2010
Updated 15 Dec 2010
Type Journal
Year 2007
Where IJNSEC
Authors Peyman Kabiri, Ali A. Ghorbani
Comments (0)