The original approach to intrusion detection was based on the deployment of a centralized component that gathers and analyzes events at system or network level. In this chapter we present architectures that leverage multiple components and cooperation techniques for the analysis and management of large numbers of security events generated by complex information systems. Their goal is to enhance the system capability and/or to improve the analysis efficacy by merging and correlating security alerts coming from different sources.
Cooperative approaches to SIEM and Intrusion Detection / Marchetti, Mirco; Colajanni, Michele. - STAMPA. - (2013), pp. 79-116.
Cooperative approaches to SIEM and Intrusion Detection
MARCHETTI, Mirco; COLAJANNI, Michele
2013
The metadata in IRIS UNIMORE are released under the Creative Commons CC0 1.0 Universal license, while the publication files are released under the Attribution 4.0 International (CC BY 4.0) license, unless otherwise indicated.
In case of copyright infringement, contact Iris Support.