
Practical network attack situation analysis using sliding window cache scheme

7 Author(s)
Jinoh Kim ; Electron. & Telecommun. Res. Inst., Daejeon, South Korea ; Koohong Kang ; Jungchan Na ; Ikkyun Kim

With the growing deployment of intrusion detection systems, managing the reports from these systems becomes critically important. In situations where there are intensive intrusive actions, not only will actual alerts be mixed with false alerts, but the number of alerts will also become unmanageable. As a result, it is difficult for human users or intrusion response systems to understand the intrusions behind the alerts and to take appropriate actions. Even if isolated events are not considered significant, the set of events may be critical. Alert correlation analysis examines meaningful relationships between alert messages. Situation analysis is a branch of alert correlation analysis: it observes attack activities by aggregating alerts that have certain characteristics in common. In this paper, we present an effective and practical situation analysis scheme that provides real-time analysis capability.

Published in:

Communications, 2003. APCC 2003. The 9th Asia-Pacific Conference on (Volume: 3)

Date of Conference:

21-24 Sept. 2003