Alert Fusion Based on Cluster and Correlation Analysis

4 Author(s)
Shisong Xiao ; Dept. of Comput. Sci., Huazhong Normal Univ., Wuhan ; Yugang Zhang ; Xuejiao Liu ; Jingju Gao

For the purpose of reducing redundant alerts and false alerts, as well as recognizing complicated attack scenarios, a multilevel model of alert fusion is presented. This model fuses alerts layer upon layer through primary alert reduction, alert verification, alert clustering and alert correlation. In order to construct accurate and complete attack sensors, in the phase of alert clustering this paper proposes an alert correlation method based both on the similarity between alert attributes and on the prerequisites and consequences of attacks. The experimental results show that the model is effective and efficient in fusing large numbers of alerts.

Published in:

Convergence and Hybrid Information Technology, 2008. ICHIT '08. International Conference on

Date of Conference:

28-30 Aug. 2008