Yusof, R. and Selamat, S. R. and Sahib, S. and Abdollah, M. F. (2008) Alert Correlation Technique Analysis For Diverse Log. Journal of Advanced Manufacturing Technology, 2 (2). pp. 65-76. ISSN 1985-3157 July-December 2008
![[img]](http://eprints.utem.edu.my/style/images/fileicons/text.png) |
Text
07-(65-76).pdf - Published Version Restricted to Registered users only Download (334kB) | Request a copy |
Abstract
Alert correlation is a process that analyses the alerts produced by one or more diverse devices and provides a more succinct and high-level view of occurring or attempted intrusions. The objective of this study is to analyse the current alert correlation technique and identify the significant criteria in each technique that can improve the Intrusion Detection System IDS) problem such as prone to alert flooding, contextual problem, false alert and scalability. The existing alert correlation techniques had been reviewed and analysed. From the analysis, six capability criteria have been identified to improve the current alert correlation techniques which are capability to do alert reduction, alert clustering, identify multi-step attack,reduce false alert, detect known attack and detect unknown attack and technique’s combination is proposed.
| Item Type: | Article |
|---|---|
| Uncontrolled Keywords: | IDS, Alert correlation, diverse devices log, capability criteria |
| Subjects: | Q Science > Q Science (General) |
| Divisions: | Faculty of Information and Communication Technology > Department of System and Computer Communication |
| Depositing User: | Dr. Robiah Yusof |
| Date Deposited: | 05 Aug 2011 04:09 |
| Last Modified: | 19 Sep 2021 16:40 |
| URI: | http://eprints.utem.edu.my/id/eprint/58 |
| Statistic Details: | View Download Statistic |
Actions (login required)
 |
View Item |