A Review of Intrusion Alerts Correlation Frameworks
Date
2016-04
Author
Chahira, Joseph Mbugua
Kiruki, Jane Kinanu
Kemei, Peter Kiprono
Abstract
The advancement of modern computers, networks and the internet has led to the widespread adoption and application of Information Communication Technology in modern organizations. As a result, large amounts of information are generated, processed and distributed through digital devices. At the same time, digital crimes have increased in number and sophistication, and they compromise an organization's critical information infrastructure, affecting the confidentiality, integrity and availability of its information resources. In order to detect these malicious activities, organizations deploy multiple Network Intrusion Detection Systems (NIDSs) in their corporate networks. These systems generate huge numbers of low-quality alerts, in differing formats, and only after an attack has already taken place. Alert and event correlation is therefore required to preprocess, analyze and correlate the alerts produced by one or more network intrusion detection systems, together with the events generated by other systems and security tools, in order to provide a more succinct and high-level view of occurring or attempted intrusions. This work reviews current alert correlation systems in terms of their approaches and proposes design considerations for an efficient alert correlation technique. We conclude by highlighting the opportunity to include an attack prediction component in a real-time, multiple-sensor environment.