Online Intrusion Alert Aggregation Using DGDSM Approach

Provided by: International Journal of Computer Science and Information Technologies
Topic: Security
Format: PDF
Alert aggregation is an important subtask of intrusion detection. The goal is to identify and cluster the different alerts, produced by low-level intrusion detection systems, firewalls, etc., that belong to a specific attack instance initiated by an attacker at a certain point in time. Thus, meta-alerts that contain all the relevant information can be generated for the clusters, while the amount of data (i.e., alerts) can be reduced substantially. Meta-alerts may then be the basis for reporting to security experts or for communication within a distributed intrusion detection system.