Survey of intrusion-detection alert aggregation and correlation techniques

Chengpo Mu; Houkuan Huang; Shengfeng Tian

doi:10.1360/crad20060101

Survey of intrusion-detection alert aggregation and correlation techniques

Chengpo Mu^*, Houkuan Huang, Shengfeng Tian

^*Corresponding author for this work

Beijing Jiaotong University

Research output: Contribution to journal › Review article › peer-review

26 Citations (Scopus)

Abstract

The significances and goals of alert aggregation and correlation techniques are surveyed comprehensively in this paper. Algorithms of aggregation and correlation and their features are discussed in detail. Meanwhile, the ideas of choosing algorithms in developing the intrusion detection alert manage system are summarized, (IDAMS) are presented. The architectures of all the existing aggregation and correlation systems, with emphasis on a brief introduction of the function of the intrusion detection message exchange format (IDMEF) on alert aggregation and correlation. Finally, the future development of this research domain is presented.

Original language	English
Pages (from-to)	1-8
Number of pages	8
Journal	Jisuanji Yanjiu yu Fazhan/Computer Research and Development
Volume	43
Issue number	1
DOIs	https://doi.org/10.1360/crad20060101
Publication status	Published - Jan 2006
Externally published	Yes

Keywords

Alert aggregation
Alert correlation
Intrusion detection
Network security

Access to Document

10.1360/crad20060101

Cite this

@article{53932331e814434694a1c98978b11579,

title = "Survey of intrusion-detection alert aggregation and correlation techniques",

abstract = "The significances and goals of alert aggregation and correlation techniques are surveyed comprehensively in this paper. Algorithms of aggregation and correlation and their features are discussed in detail. Meanwhile, the ideas of choosing algorithms in developing the intrusion detection alert manage system are summarized, (IDAMS) are presented. The architectures of all the existing aggregation and correlation systems, with emphasis on a brief introduction of the function of the intrusion detection message exchange format (IDMEF) on alert aggregation and correlation. Finally, the future development of this research domain is presented.",

keywords = "Alert aggregation, Alert correlation, Intrusion detection, Network security",

author = "Chengpo Mu and Houkuan Huang and Shengfeng Tian",

year = "2006",

month = jan,

doi = "10.1360/crad20060101",

language = "English",

volume = "43",

pages = "1--8",

journal = "Jisuanji Yanjiu yu Fazhan/Computer Research and Development",

issn = "1000-1239",

publisher = "Science Press",

number = "1",

}

TY - JOUR

T1 - Survey of intrusion-detection alert aggregation and correlation techniques

AU - Mu, Chengpo

AU - Huang, Houkuan

AU - Tian, Shengfeng

PY - 2006/1

Y1 - 2006/1

N2 - The significances and goals of alert aggregation and correlation techniques are surveyed comprehensively in this paper. Algorithms of aggregation and correlation and their features are discussed in detail. Meanwhile, the ideas of choosing algorithms in developing the intrusion detection alert manage system are summarized, (IDAMS) are presented. The architectures of all the existing aggregation and correlation systems, with emphasis on a brief introduction of the function of the intrusion detection message exchange format (IDMEF) on alert aggregation and correlation. Finally, the future development of this research domain is presented.

AB - The significances and goals of alert aggregation and correlation techniques are surveyed comprehensively in this paper. Algorithms of aggregation and correlation and their features are discussed in detail. Meanwhile, the ideas of choosing algorithms in developing the intrusion detection alert manage system are summarized, (IDAMS) are presented. The architectures of all the existing aggregation and correlation systems, with emphasis on a brief introduction of the function of the intrusion detection message exchange format (IDMEF) on alert aggregation and correlation. Finally, the future development of this research domain is presented.

KW - Alert aggregation

KW - Alert correlation

KW - Intrusion detection

KW - Network security

UR - http://www.scopus.com/inward/record.url?scp=33645455033&partnerID=8YFLogxK

U2 - 10.1360/crad20060101

DO - 10.1360/crad20060101

M3 - Review article

AN - SCOPUS:33645455033

SN - 1000-1239

VL - 43

SP - 1

EP - 8

JO - Jisuanji Yanjiu yu Fazhan/Computer Research and Development

JF - Jisuanji Yanjiu yu Fazhan/Computer Research and Development

IS - 1

ER -

Survey of intrusion-detection alert aggregation and correlation techniques

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this