SP 2002, IEEE

Alert Correlation in a Cooperative Intrusion Detection Framework

This paper presents the work we have done within the MIRADOR project to design CRIM, a cooperative module for intrusion detection systems (IDS). This module implements functions to manage, cluster, merge and correlate alerts. The clustering and merging functions recognize alerts that correspond to the same occurrence of an attack and create a new alert that merges the data contained in these various alerts. Experiments show that these functions significantly reduce the number of alerts. However, we also observe that the alerts we obtain are still too elementary to be managed by a security administrator. The purpose of the correlation function is thus to generate global and synthetic alerts. This paper focuses on the approach we suggest to design this function.
Added: 23 Dec 2010
Updated: 23 Dec 2010
Type: Journal
Year: 2002
Where: SP
Authors: Frédéric Cuppens, Alexandre Miège