Alert Correlation Through a Multi Components Architecture

Date Added: Jul 2013
Format: PDF

Alert correlation is a process that analyzes the raw alerts produced by one or more intrusion detection systems, reduces non-relevant ones, groups alerts together based on similarity and causality relationships between them, and finally produces a concise and meaningful view of occurring or attempted intrusions. Unfortunately, most correlation approaches use just a few components that target only specific correlation issues, which reduces the correlation rate. This paper uses a general correlation model that has already been presented and consists of a comprehensive set of components.