Yusof, R. and Selamat, S. R. and Sahib, S. (2008) Intrusion Alert Correlation Technique Analysis for Heterogeneous Log. International Journal of Computer Science and Network Security , 8 (9). pp. 132-138. ISSN 1738-7906
![[img]](http://eprints.utem.edu.my/style/images/fileicons/application_pdf.png)
|
PDF
20080919-accepted.pdf - Published Version Download (219kB) |
Abstract
Intrusion alert correlation is multi-step processes that receives alerts from heterogeneous log resources as input and produce a high-level description of the malicious activity on the network. The objective of this study is to analyse the current alert correlation technique and identify the significant criteria in each technique that can improve the Intrusion Detection System(IDS) problem such as prone to alert flooding, contextual problem, false alert and scalability. The existing alert correlation techniques had been reviewed and analysed. From the analysis, six capability criteria have been identified to improve the current alert correlation technique. They are capability to do alert reduction, alert clustering,identify multistep attack, reduce false alert, detect known attack and detect unknown attack.
| Item Type: | Article |
|---|---|
| Uncontrolled Keywords: | IDS, Alert correlation, Heterogeneous log, capability criteria |
| Subjects: | Q Science > Q Science (General) |
| Divisions: | Faculty of Information and Communication Technology > Department of System and Computer Communication |
| Depositing User: | Dr. Robiah Yusof |
| Date Deposited: | 05 Aug 2011 04:08 |
| Last Modified: | 19 Sep 2021 16:53 |
| URI: | http://eprints.utem.edu.my/id/eprint/59 |
| Statistic Details: | View Download Statistic |
Actions (login required)
 |
View Item |