Traditional intrusion detection systems (IDSs) focus on low-level attacks or anomalies and raise alerts independently, though there may be logical connections between them. In situations where there are intensive attacks, not only will actual alerts be mixed with false alerts, but the number of alerts will also become unmanageable. As a result, it is difficult for human users or intrusion response systems to understand the alerts and take appropriate actions. Therefore, it is necessary to develop techniques to construct attack scenarios (i.e., steps that attackers use in their attacks) from alerts to facilitate intrusion analysis. © 2010 Springer Science+Business Media, LLC.
Ning, P., & Xu, D. (2010). Toward automated intrusion alert analysis. In Network Security (pp. 175–205). Springer US. https://doi.org/10.1007/978-0-387-73821-5_8