Intrusion detection alarm correlation |
Title: Intrusion Detection Alarm Correlation: A Survey
Authors: Urko Zurutuza and Roberto Uribeetxeberria
Date: December 2004
Area: Security
Topic: Intrusion Detection Systems (IDS)
Abstract: It is 17 years since Dorothy Denning proposed the first intrusion detection model. These systems have evolved rapidly from that model to the alarm correlation methods of today. So far, researchers have developed Intrusion Detection Systems (IDS) capable of detecting attacks in several environments, and a vast number of methods for both misuse detection and anomaly detection have been applied. Many of the proposed technologies are complementary to each other, since some approaches perform better than others depending on the environment. Alert correlation methods address the problem of the huge volume of alarms these systems report, true positives and false alarms alike. The techniques used in this area aim to help detectors discern between alarms generated by real attacks and those triggered by legitimate traffic. Consequently, the number of false alarms can be reduced, easing the work of the system administrators who operate IDSs. Proper alert correlation methods also give organisations greater confidence in incorporating these systems.
Reference:
bibtex:
@INPROCEEDINGS{zur04d,
  author    = {Urko Zurutuza and Roberto Uribeetxeberria},
  title     = {Intrusion detection alarm correlation: A survey},
  booktitle = {Proceedings of the IADAT International Conference on Telecommunications and Computer Networks (TCN 2004)},
  year      = {2004},
  address   = {Donostia, Spain},
  month     = {December}
}