Skip to Main Content
Intrusion detection can no longer satisfy security needs of an organization solely. Recently, the attention of security community turned to automatic intrusion response and prevention, as the techniques, to protect network resources as well as to reduce the attack damages. Knowing attack scenarios enables the system administrator to respond to the threats swiftly by either blocking the attacks or preventing them from escalating. Alert correlation is a technique to extract attack scenarios by investigating the correlation of intrusion detection systems alerts. In this paper, we propose a new learning-based method for alert correlation that employs supervised and transductive learning techniques. Using this method, we are able to extract attack scenarios automatically.
Date of Conference: 20-21 Oct. 2009