Alert Correlation Analysis For Intrusion Detection, M.Sc. Thesis Sharif University of Technology ; Jalili, Rasool (Supervisor)
Abstract
While intrusion detection systems (IDSs) are widely used, large number of alerts as well as high rate of false positive events make such a security mechanism insufficient. Accordingly, a track of recent security research, focused on alert correlation. This thesis proposes a Hidden Markov Model (HMM) based correlation method of intrusion alerts which have been fired from different IDS sensors across an enterprise. We used HMM to predict the next attack class of the intruder that is also known as plan recognition. Our method has two advantages. Firstly, it does not require any usage or modeling of network topology, system vulnerabilities, and system configurations. Secondly, as we perform high...
Cataloging briefAlert Correlation Analysis For Intrusion Detection, M.Sc. Thesis Sharif University of Technology ; Jalili, Rasool (Supervisor)
Abstract
While intrusion detection systems (IDSs) are widely used, large number of alerts as well as high rate of false positive events make such a security mechanism insufficient. Accordingly, a track of recent security research, focused on alert correlation. This thesis proposes a Hidden Markov Model (HMM) based correlation method of intrusion alerts which have been fired from different IDS sensors across an enterprise. We used HMM to predict the next attack class of the intruder that is also known as plan recognition. Our method has two advantages. Firstly, it does not require any usage or modeling of network topology, system vulnerabilities, and system configurations. Secondly, as we perform high...
Find in contentBookmark |
|