Universiti Teknologi Malaysia Institutional Repository

Network intrusion alert correlation challenges and techniques

Md. Siraj, Maheyzah and Mohd. Hashim, Siti Zaiton (2008) Network intrusion alert correlation challenges and techniques. Jurnal Teknologi Maklumat, 20 (2). pp. 12-36. ISSN 0128-3790


Abstract

Many organizations implement Intrusion Detection Systems (IDS) as the first line of defense for their security systems. Up to now, researchers have developed IDS for many computer environments. Having detected the signs of intrusions, IDS trigger alerts to report them. These alerts are presented to a human analyst to be evaluated and to initiate adequate responses. But manually analyzing those alerts is tedious, time-consuming and error-prone. The reasons for this are: (1) the number of alerts is enormous, and (2) most of them are false alerts. A promising method to automate the alert analysis is finding the correlation between alerts, and such a system is known as an Alert Correlation System (ACS). One of the major applications of alert correlation (AC) is attack diagnosis. Interestingly, researchers have different kinds of views on how to define the concept of AC. Furthermore, various types of techniques have been proposed in AC: (1) to reduce the false alerts, and (2) to find the causality relationship between alerts in order to extract the strategies of the attacker. This paper discusses the challenges of ACS and, most importantly, presents a review of techniques and solutions proposed in the course of the last ten years, while comparing their advantages and limitations. The survey is followed by the presentation of potential future research directions in this area.

Item Type: Article
Uncontrolled Keywords: information assurance and security, alert correlation, alert analysis, intrusion detection, preventive system
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Computer Science and Information System (Formerly known)
ID Code: 9423
Deposited By: Ms Zalinda Shuratman
Deposited On: 24 Nov 2009 01:56
Last Modified: 11 May 2011 09:27
