Distributed Intrusion Alert Aggregation with Data Stream Modeling

Intrusion Detection System (IDS) technology is an important component in designing a secure environment. Alert aggregation is an important subtask of intrusion detection. The goal is to identify and cluster the alerts produced by low-level intrusion detection systems, firewalls, etc. that belong to a specific attack instance initiated by an attacker at a certain point in time. Meta-alerts that contain all the relevant information can then be generated for the clusters, while the amount of data (i.e., alerts) is reduced substantially.

Provided by: International Journal Of Electronics, Communication And Soft Computing Science & Engineering (IJECSCSE)
Topic: Security
Date Added: Mar 2012
Format: PDF
