A real-time alert correlation method based on code-books for intrusion detection systems. Issue 89 (February 2020)
- Record Type:
- Journal Article
- Title:
- A real-time alert correlation method based on code-books for intrusion detection systems. Issue 89 (February 2020)
- Main Title:
- A real-time alert correlation method based on code-books for intrusion detection systems
- Authors:
- Mahdavi, Ehsan
Fanian, Ali
Amini, Fatima
- Abstract:
- Alert correlation is the process of analyzing alerts to reduce their number, eliminate false positives, detect the scenarios behind them and generate a higher-level perspective of the incidents. Making this process online will upgrade the classic role of alert correlation from a post-processing step to a key part of intrusion detection systems. In this article, we propose a novel two-phase model called a Real-time Alert Correlation method based on Code-books (RACC) for intrusion detection systems. First, in the offline phase, RACC pre-processes a knowledge base to produce some matrices, which we call code-books, as the main data structure of the method. Instead of keeping alerts in memory, those matrices just hold keys to the corresponding meta-alerts. An index based on red-black trees is used to access matrix elements. Generating the matrices and the index is independent of the alerts, so utilizing them can facilitate the alert correlation process in an online manner in phase two of the proposed model. The experiments show that, compared to similar methods, RACC can significantly reduce the alert correlation time and can enable real-time alert correlation.
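The abstract describes a two-phase design: an offline phase that turns a knowledge base into matrices ("code-books") holding only meta-alert keys, reachable through a tree-based index, and an online phase that correlates incoming alerts against those precomputed structures. The sketch below is an added illustration of that general shape and is not the authors' RACC code. It assumes a constructed prerequisite/consequence knowledge base, a constructed alert stream, and a sorted-list binary search standing in for the paper's red-black-tree index (all assumptions, marked in comments); only meta-alert keys are kept per (target, capability) cell, and raw alerts are discarded once resolved.

```python
from bisect import bisect_left
from dataclasses import dataclass, field

# Constructed knowledge base (assumption): each attack step is an IDS alert
# type with the capability it requires and the capability it grants.
KNOWLEDGE_BASE = [
    ("PORT_SCAN",        None,           "host_recon"),
    ("SSH_BRUTEFORCE",   "host_recon",   "shell_access"),
    ("PRIV_ESC_EXPLOIT", "shell_access", "root_access"),
    ("DATA_EXFIL",       "root_access",  "data_loss"),
]

REQUIRES, GRANTS = -1, 1


class CodeBook:
    """Offline phase: one matrix (rows = alert types, columns = capabilities)
    plus a sorted index over the row labels. Nothing here depends on alerts."""

    def __init__(self, kb):
        self.types = sorted({t for t, _, _ in kb})
        self.caps = sorted({c for _, r, g in kb for c in (r, g) if c})
        self.matrix = [[0] * len(self.caps) for _ in self.types]
        for t, req, grant in kb:
            if req:
                self.matrix[self.row(t)][self.col(req)] = REQUIRES
            self.matrix[self.row(t)][self.col(grant)] = GRANTS

    def row(self, alert_type):
        # Binary search on a sorted label list stands in for the paper's
        # red-black-tree index (assumption); both give O(log n) lookups.
        i = bisect_left(self.types, alert_type)
        if i == len(self.types) or self.types[i] != alert_type:
            raise KeyError(alert_type)
        return i

    def col(self, cap):
        return bisect_left(self.caps, cap)  # caps come from kb, always present

    def requires(self, alert_type):
        r = self.matrix[self.row(alert_type)]
        return [self.caps[j] for j, v in enumerate(r) if v == REQUIRES]

    def grants(self, alert_type):
        r = self.matrix[self.row(alert_type)]
        return [self.caps[j] for j, v in enumerate(r) if v == GRANTS]


@dataclass
class MetaAlert:
    key: int
    target: str
    steps: list = field(default_factory=list)
    first_seen: int = 0
    last_seen: int = 0


class OnlineCorrelator:
    """Phase two: each alert is resolved through the code-book and attached to
    an existing meta-alert by key, or opens a new one. Only keys are stored
    per (target, capability); the raw alert is not retained."""

    def __init__(self, codebook):
        self.cb = codebook
        self.meta = {}    # meta-alert key -> MetaAlert summary
        self.state = {}   # (target host, capability) -> meta-alert key
        self._next = 1

    def ingest(self, alert):
        atype, target, ts = alert["type"], alert["dst"], alert["ts"]
        try:
            needed, granted = self.cb.requires(atype), self.cb.grants(atype)
        except KeyError:
            return None   # type absent from the knowledge base: not correlatable
        key = next((self.state[(target, c)] for c in needed
                    if (target, c) in self.state), None)
        if key is None:   # no satisfied prerequisite: start a new scenario
            key, self._next = self._next, self._next + 1
            self.meta[key] = MetaAlert(key, target, first_seen=ts)
        m = self.meta[key]
        m.steps.append(atype)
        m.last_seen = ts
        for cap in granted:   # record the consequence as a key, not an alert
            self.state[(target, cap)] = key
        return key


def run(alerts, kb=KNOWLEDGE_BASE):
    corr = OnlineCorrelator(CodeBook(kb))
    keys = [corr.ingest(a) for a in alerts]
    return keys, corr.meta


# Constructed alert stream (assumption): a full scenario against 10.0.0.5,
# an unrelated scan of 10.0.0.9, and one alert type the knowledge base lacks.
SAMPLE_ALERTS = [
    {"ts": 1,  "type": "PORT_SCAN",        "src": "203.0.113.7",  "dst": "10.0.0.5"},
    {"ts": 2,  "type": "PORT_SCAN",        "src": "203.0.113.7",  "dst": "10.0.0.9"},
    {"ts": 5,  "type": "SSH_BRUTEFORCE",   "src": "203.0.113.7",  "dst": "10.0.0.5"},
    {"ts": 9,  "type": "PRIV_ESC_EXPLOIT", "src": "203.0.113.7",  "dst": "10.0.0.5"},
    {"ts": 12, "type": "DATA_EXFIL",       "src": "203.0.113.7",  "dst": "10.0.0.5"},
    {"ts": 13, "type": "WEB_XSS",          "src": "198.51.100.2", "dst": "10.0.0.5"},
]

if __name__ == "__main__":
    keys, meta = run(SAMPLE_ALERTS)
    for m in meta.values():
        print(m.key, m.target, " -> ".join(m.steps), f"[{m.first_seen}..{m.last_seen}]")
```

The point the sketch makes is the one the abstract claims: every per-alert step is an index lookup plus a constant number of cell reads, so the online cost does not grow with the number of alerts already seen, and the only state carried forward is a key per cell rather than an alert list. A real correlator would also need an expiry policy for stale keys and a notion of attacker identity; neither is part of this illustration.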
- Is Part Of:
- Computers & security. Issue 89(2020)
- Journal:
- Computers & security
- Issue:
- Issue 89(2020)
- Issue Display:
- Volume 89, Issue 89 (2020)
- Year:
- 2020
- Volume:
- 89
- Issue:
- 89
- Issue Sort Value:
- 2020-0089-0089-0000
- Page Start:
- Page End:
- Publication Date:
- 2020-02
- Subjects:
- Network security -- Intrusion detection systems -- Alert -- Online alert correlation -- Attack scenario -- Causal relationships -- Code-books
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2019.101661
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 12594.xml