Sharif Digital Repository

With the growing deployment of host and network intrusion detection systems, analyzing generated alerts from these systems becomes critically important and challenging due to its complexity and high amount of data. Alert Correlation systems are a possible solution for deep analysis of incoming alerts in response to potential attacks against enterprise networks. Although several known alert correlation systems have been proposed for this purpose so far, most of them do not support high amount of input due to their centralized architecture. In this thesis, we propose a system architecture and approach for alert correlation to be extensible, flexible, and modular. The architecture encompasses...