A Survey of Intrusion-Detection Alert Aggregation and Correlation Techniques
-
Graphical Abstract
-
Abstract
The significances and goals of alert aggregation and correlation techniques are surveyed comprehensively in this paper. Algorithms of aggregation and correlation and their features are discussed in detail. Meanwhile, the ideas of choosing algorithms in developing the intrusion detection alert manage system are summerized, (IDAMS) are presented. The architectures of all the existing aggregation and correlation systems, with emphasis on a brief introduction of the function of the intrusion detection message exchange format (IDMEF) on alert aggregation and correlation. Finally, the future development of this research domain is presented.
-
-