Until recently, network administrators manually arranged the alarms produced by Intrusion Detection Systems (IDSs) to obtain a high-level description of threats. As the number of alarms keeps growing, automatic tools for alarm clustering have been proposed to provide such a high-level description of the attack scenario. In addition, it has been shown that effective threat analysis requires the fusion of different sources of information, such as different IDSs, firewall logs, etc. In this paper, we propose a new strategy for alarm clustering that produces unified descriptions of attacks from multiple alarms. Tests have been performed on a live network where commercial and open-source IDSs analyzed network traffic. © Springer-Verlag Berlin Heidelberg 2005.
Giacinto, G., Perdisci, R., & Roli, F. (2005). Alarm clustering for intrusion detection systems in computer networks. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 3587 LNAI, pp. 184–193). Springer Verlag. https://doi.org/10.1007/11510888_19