Mu Chengpo, Huang Houkuan, and Tian Shengfeng. A Survey of Intrusion-Detection Alert Aggregation and Correlation Techniques[J]. Journal of Computer Research and Development, 2006, 43(1): 1-8.

A Survey of Intrusion-Detection Alert Aggregation and Correlation Techniques

  • Published Date: January 14, 2006
  • This paper comprehensively surveys the significance and goals of alert aggregation and correlation techniques. Aggregation and correlation algorithms and their features are discussed in detail. Ideas for choosing algorithms when developing an intrusion detection alert management system (IDAMS) are also presented. The architectures of all the existing aggregation and correlation systems are summarized, together with a brief introduction to the function of the Intrusion Detection Message Exchange Format (IDMEF) in alert aggregation and correlation. Finally, the future development of this research domain is presented.