

A review of three intrusion detection alert correlation methods

Title: A Review Of Three Intrusion Detection Alert Correlation Methods

Authors: Urko Zurutuza and Roberto Uribetxeberria

Date: July 2005

Area: Security

Topic: Intrusion Detection Systems (IDS)

Abstract: Researchers have developed Intrusion Detection Systems (IDS) capable of detecting attacks in several environments. A great many methods for both misuse detection and anomaly detection have been applied. Many of the proposed technologies are complementary to each other, since some approaches perform better than others in different kinds of environment. Alert correlation methods address the problem of the huge volume of alerts, both true and false, that these detectors report. The techniques used in this area aim to help distinguish alerts generated by real attacks from those triggered by legitimate traffic. Consequently, the number of false alerts can be reduced, easing the work of the system administrators who operate IDSs. Proper alert correlation methods also give organisations higher confidence in deploying these systems.
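The alert volume reduction the abstract refers to is easiest to see with the most basic building block of alert correlation, time-window aggregation: alerts that share the same signature, source, destination and destination port and arrive within a short window are fused into a single meta-alert carrying a count and a first/last seen time. The Python below is an added example written for this page; it is not code from the paper and does not implement any of the three methods the paper reviews. The Snort-style "fast" alert lines, the local-range signature IDs (1000001, 1000002), the hosts and the 60-second window are all constructed for the illustration.

```python
"""Time-window alert aggregation: fuse repeated IDS alerts into meta-alerts."""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample input in Snort "fast" alert format. The signature IDs
# (local range 1000001/1000002), hosts and timestamps are invented for this
# example; they are not data from the paper.
SAMPLE_ALERTS = """\
07/12-10:00:01.120000  [**] [1:1000001:1] LOCAL SSH brute-force attempt [**] {TCP} 10.0.0.5:40001 -> 192.168.1.10:22
07/12-10:00:01.450000  [**] [1:1000001:1] LOCAL SSH brute-force attempt [**] {TCP} 10.0.0.5:40002 -> 192.168.1.10:22
07/12-10:00:02.010000  [**] [1:1000001:1] LOCAL SSH brute-force attempt [**] {TCP} 10.0.0.5:40003 -> 192.168.1.10:22
07/12-10:00:03.300000  [**] [1:1000002:1] LOCAL Inbound connection to MSSQL port [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:40010 -> 192.168.1.20:1433
07/12-10:00:45.000000  [**] [1:1000001:1] LOCAL SSH brute-force attempt [**] {TCP} 10.0.0.5:40100 -> 192.168.1.10:22
07/12-10:03:10.000000  [**] [1:1000001:1] LOCAL SSH brute-force attempt [**] {TCP} 10.0.0.5:40200 -> 192.168.1.10:22
"""

# Snort fast format: timestamp [**] [gid:sid:rev] msg [**] [opt class] [opt prio] {proto} src:port -> dst:port
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification: [^\]]*\]\s+)?(?:\[Priority: \d+\]\s+)?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)


@dataclass
class Alert:
    ts: datetime
    sid: int
    msg: str
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]


@dataclass
class MetaAlert:
    """One fused alert standing in for a run of similar raw alerts."""
    sid: int
    msg: str
    src: str
    dst: str
    dport: Optional[int]
    first_seen: datetime
    last_seen: datetime
    count: int = 1
    sports: Set[int] = field(default_factory=set)  # distinct source ports seen


def parse_alerts(text: str) -> List[Alert]:
    """Parse fast-format lines; raise on anything that does not match."""
    alerts: List[Alert] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ALERT_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable alert line: {line!r}")
        # Fast-format timestamps carry no year; strptime fills in 1900, which
        # is fine for ordering within one log file.
        ts = datetime.strptime(m["ts"], "%m/%d-%H:%M:%S.%f")
        alerts.append(Alert(
            ts=ts, sid=int(m["sid"]), msg=m["msg"], proto=m["proto"],
            src=m["src"], sport=int(m["sport"]) if m["sport"] else None,
            dst=m["dst"], dport=int(m["dport"]) if m["dport"] else None,
        ))
    return alerts


def aggregate(alerts: List[Alert], window: timedelta = timedelta(seconds=60)) -> List[MetaAlert]:
    """Fuse alerts with equal (sid, src, dst, dport) whose inter-arrival gap is <= window.

    The window is measured from the *last* alert merged into the open meta-alert,
    so a steady drip of alerts keeps extending one meta-alert, while a pause
    longer than the window starts a new one. Returned in order of first_seen.
    """
    open_meta: Dict[Tuple[int, str, str, Optional[int]], MetaAlert] = {}
    result: List[MetaAlert] = []
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.sid, a.src, a.dst, a.dport)
        meta = open_meta.get(key)
        if meta is not None and a.ts - meta.last_seen <= window:
            meta.count += 1
            meta.last_seen = a.ts
            if a.sport is not None:
                meta.sports.add(a.sport)
        else:
            meta = MetaAlert(a.sid, a.msg, a.src, a.dst, a.dport, a.ts, a.ts,
                             sports={a.sport} if a.sport is not None else set())
            open_meta[key] = meta
            result.append(meta)
    return result


def reduction_ratio(n_alerts: int, n_meta: int) -> float:
    """Fraction of raw alerts the operator no longer has to look at individually."""
    return 0.0 if n_alerts == 0 else 1.0 - n_meta / n_alerts


if __name__ == "__main__":
    raw = parse_alerts(SAMPLE_ALERTS)
    metas = aggregate(raw)
    for m in metas:
        print(f"{m.first_seen:%H:%M:%S}-{m.last_seen:%H:%M:%S} x{m.count:<3} "
              f"sid={m.sid} {m.src} -> {m.dst}:{m.dport} {m.msg}")
    print(f"{len(raw)} alerts -> {len(metas)} meta-alerts "
          f"({reduction_ratio(len(raw), len(metas)):.0%} reduction)")
```

On the constructed sample, the four SSH alerts between 10:00:01 and 10:00:45 collapse into one meta-alert, the SSH alert at 10:03:10 starts a new one because the gap exceeds the window, and the MSSQL alert stands alone: six raw alerts become three. Aggregation alone says nothing about whether an alert is true or false; it only shrinks the volume so that the true/false judgement can be made per meta-alert rather than per packet.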


Reference:

BibTeX:

@ARTICLE{zur05a,
  author = {Urko Zurutuza and Roberto Uribetxeberria},
  title = {A review of three intrusion detection alert correlation methods},
  journal = {IADAT Journal of Advanced Technology},
  year = {2005},
  month = {July}
}