Sharif Digital Repository

Intrusion Detection Systems (IDSs) are among the mostly used security tools in computer networks. While they are promising technologies, they pose some serious drawbacks: When utilized in large and high traffic networks, IDSs generate high volumes of low level alerts which are hardly manageable. In addition, IDSs usually generate redundant or even irrelevant (false) alerts. One technique proposed to circumvent such drawbacks is alert correlation, which extracts useful and high-level alerts, and helps in making timely decisions when a security breach occurs. This thesis will survey current alert correlation techniques, and introduces a real-time and data-mining–based algorithm for alert...