Online Intrusion Alert Based on Aggregation and Correlation
Traditional Intrusion Detection Systems (IDSs) focus on low-level attacks or anomalies, and raise alerts independently, though there may be logical connections between them. In situations where there are intensive attacks, not only will actual alerts be mixed with false alerts, but the amount of alerts will also become unmanageable. As a result, it is difficult for human users or intrusion response systems to understand the alerts and take appropriate actions. There are several approaches for intrusion detection but none of them is fully satisfactory. They generally generate too many false positives and the alerts are too elementary and not enough accurate to be directly managed by a security administrator.
Provided by: International Journal of Computer Technology and Applications Topic: Security Date Added: Feb 2012 Format: PDF