Alert Correlation Through a Multi Components Architecture

Alert correlation is a process that analyzes the raw alerts produced by one or more intrusion detection systems, reduces non-relevant ones, groups alerts together based on similarity and causality relationships between them, and finally produces a concise and meaningful view of occurring or attempted intrusions. Unfortunately, most correlation approaches use just a few components that address only specific correlation issues, and so cause a reduction in correlation rate. This paper uses a general correlation model that has already been presented and consists of a comprehensive set of components.

Provided by: Amirkabir University of Technology
Topic: Enterprise Software
Date Added: Jul 2013
Format: PDF
