Alert Correlation Technique Analysis For Diverse Log

Yusof, R. and Selamat, S. R. and Sahib, S. and Abdollah, M. F. (2008) Alert Correlation Technique Analysis For Diverse Log. Journal of Advanced Manufacturing Technology, 2 (2). pp. 65-76. ISSN 1985-3157 July-December 2008

Full text: 07-(65-76).pdf - Published Version (restricted to registered users)
Official URL: http://jamt.utem.edu.my/

Abstract

Alert correlation is a process that analyses the alerts produced by one or more diverse devices and provides a more succinct, higher-level view of occurring or attempted intrusions. The objective of this study is to analyse current alert correlation techniques and identify the significant criteria in each technique that can address Intrusion Detection System (IDS) problems such as alert flooding, lack of context, false alerts and poor scalability. The existing alert correlation techniques have been reviewed and analysed. From the analysis, six capability criteria have been identified for improving current alert correlation techniques: the capability to perform alert reduction, alert clustering, multi-step attack identification, false alert reduction, known attack detection and unknown attack detection. A combination of techniques covering these criteria is proposed.
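To make the first three criteria concrete, the following Python sketch is an added example, not code from the paper or its authors. It normalises alerts from two constructed log sources (a NIDS-style log and a firewall log), performs alert reduction (collapsing repeats of one signature), alert clustering (grouping alerts from any device that share attacker and victim within a time window) and multi-step attack identification (looking for an ordered attack-stage sequence inside a cluster). The log formats, the stage names "recon", "exploit" and "connection", and the recon-then-exploit scenario are assumptions made for the example.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample alerts from two hypothetical devices (not real log data).
NIDS_LINES = [
    "2024-01-01T10:00:01 SID:1000001 PORTSCAN src=10.0.0.5 dst=192.168.1.10",
    "2024-01-01T10:00:02 SID:1000001 PORTSCAN src=10.0.0.5 dst=192.168.1.10",
    "2024-01-01T10:00:03 SID:1000001 PORTSCAN src=10.0.0.5 dst=192.168.1.10",
    "2024-01-01T10:02:30 SID:2000002 EXPLOIT_ATTEMPT src=10.0.0.5 dst=192.168.1.10",
    "2024-01-01T11:30:00 SID:1000001 PORTSCAN src=10.0.0.9 dst=192.168.1.20",
]
FW_LINES = [
    "Jan 01 10:00:01 fw DROP 10.0.0.5 -> 192.168.1.10:22",
    "Jan 01 10:00:01 fw DROP 10.0.0.5 -> 192.168.1.10:23",
    "Jan 01 10:05:10 fw ACCEPT 10.0.0.7 -> 192.168.1.10:443",
]

# Assumed mapping from device-specific signatures to a common attack stage.
NIDS_CATEGORY = {"PORTSCAN": "recon", "EXPLOIT_ATTEMPT": "exploit"}
FW_CATEGORY = {"DROP": "recon", "ACCEPT": "connection"}
SCENARIO = ["recon", "exploit"]  # assumed multi-step pattern, not from the paper


@dataclass
class Alert:
    ts: datetime
    device: str
    src: str
    dst: str
    signature: str
    category: str
    count: int = 1  # how many raw alerts this record stands for after reduction


def parse_nids(line: str) -> Alert:
    """Normalise one NIDS line into the common Alert form."""
    ts, _sid, name, src, dst = line.split()
    return Alert(datetime.fromisoformat(ts), "nids", src[4:], dst[4:],
                 name, NIDS_CATEGORY.get(name, "other"))


def parse_fw(line: str, year: int = 2024) -> Alert:
    """Normalise one syslog-style firewall line (year assumed, as syslog omits it)."""
    mon, day, clock, host, action, src, _, dst = line.split()
    ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
    return Alert(ts, host, src, dst.split(":")[0], action, FW_CATEGORY.get(action, "other"))


def reduce_alerts(alerts: List[Alert], window=timedelta(seconds=60)) -> List[Alert]:
    """Alert reduction: merge repeats of (device, src, dst, signature) seen within `window`."""
    last: Dict[Tuple[str, str, str, str], Alert] = {}
    reduced: List[Alert] = []
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.device, a.src, a.dst, a.signature)
        prev = last.get(key)
        if prev is not None and a.ts - prev.ts <= window:
            prev.count += 1          # fold the repeat into the existing record
            continue
        rec = replace(a)             # copy, so the input list is left untouched
        reduced.append(rec)
        last[key] = rec
    return reduced


def cluster_alerts(reduced: List[Alert], window=timedelta(minutes=10)) -> List[List[Alert]]:
    """Alert clustering: group alerts from any device sharing (src, dst) within `window`."""
    open_clusters: Dict[Tuple[str, str], List[Alert]] = {}
    clusters: List[List[Alert]] = []
    for a in sorted(reduced, key=lambda x: x.ts):
        key = (a.src, a.dst)
        cur = open_clusters.get(key)
        if cur is not None and a.ts - cur[-1].ts <= window:
            cur.append(a)
        else:
            cur = [a]
            open_clusters[key] = cur
            clusters.append(cur)
    return clusters


def find_multi_step(clusters: List[List[Alert]], scenario=SCENARIO) -> List[List[Alert]]:
    """Multi-step identification: clusters whose stages contain `scenario` as an ordered subsequence."""
    hits = []
    for c in clusters:
        stages = [a.category for a in sorted(c, key=lambda x: x.ts)]
        i = 0
        for s in stages:
            if i < len(scenario) and s == scenario[i]:
                i += 1
        if i == len(scenario):
            hits.append(c)
    return hits


def correlate(nids_lines: List[str], fw_lines: List[str]) -> dict:
    """Run the three stages over diverse device logs and summarise the outcome."""
    raw = [parse_nids(l) for l in nids_lines] + [parse_fw(l) for l in fw_lines]
    reduced = reduce_alerts(raw)
    clusters = cluster_alerts(reduced)
    return {"raw": len(raw), "reduced": len(reduced),
            "clusters": len(clusters), "multi_step": find_multi_step(clusters)}


if __name__ == "__main__":
    result = correlate(NIDS_LINES, FW_LINES)
    print(f"{result['raw']} raw alerts -> {result['reduced']} after reduction -> "
          f"{result['clusters']} clusters, {len(result['multi_step'])} multi-step attack(s)")
    for c in result["multi_step"]:
        print("  ", [(a.device, a.category, a.count) for a in c])
```

On the constructed input the eight raw alerts reduce to five records, form three clusters, and exactly one cluster (the 10.0.0.5 to 192.168.1.10 activity seen by both devices) matches the recon-then-exploit scenario. The remaining three criteria in the abstract (false alert reduction, known and unknown attack detection) need signature knowledge or a model of normal behaviour that a sketch this small does not carry.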

Item Type: Article
Uncontrolled Keywords: IDS, Alert correlation, diverse devices log, capability criteria
Subjects: Q Science > Q Science (General)
Divisions: Faculty of Information and Communication Technology > Department of System and Computer Communication
Depositing User: Dr. Robiah Yusof
Date Deposited: 05 Aug 2011 04:09
Last Modified: 19 Sep 2021 16:40
URI: http://eprints.utem.edu.my/id/eprint/58
