Identification of correlated network intrusion alerts / Marchetti, Mirco; Colajanni, Michele; Manganiello, Fabio. - PRINT. - (2011), pp. 15-20. (Paper presented at the conference Cyberspace Safety and Security (CSS), 2011 Third International Workshop on, held in Milano in 2011-September) [10.1109/CSS.2011.6058565].

Identification of correlated network intrusion alerts

Marchetti, Mirco; Colajanni, Michele; Manganiello, Fabio
2011

Abstract

Attacks on information systems are becoming more sophisticated, and the traditional algorithms supporting Network Intrusion Detection Systems may be ineffective or cause too many false alarms. This paper describes a new algorithm for the correlation of alerts generated by Network Intrusion Detection Systems. It is specifically oriented to face multistep attacks, where multiple intrusion activities belonging to the same attack scenario are performed within a small time window. This algorithm takes as its input the security alerts generated by a NIDS and, through a pseudo-Bayesian alert correlation, is able to identify those that are likely to belong to the same multistep attack scenario. The proposed approach is completely unsupervised and applicable to security alerts generated by any kind of NIDS.
Year: 2011
Venue: Cyberspace Safety and Security (CSS), 2011 Third International Workshop on
Location: Milano
Date: 2011-September
Pages: 15-20
Authors: Marchetti, Mirco; Colajanni, Michele; Manganiello, Fabio
Files in this record:
There are no files associated with this record.

Creative Commons License
The metadata in IRIS UNIMORE are released under the Creative Commons CC0 1.0 Universal license, while the publication files are released under the Attribution 4.0 International (CC BY 4.0) license, unless otherwise indicated.
In case of copyright infringement, contact Iris Support

Use this identifier to cite or link to this document: https://hdl.handle.net/11380/769008
Citations
  • Scopus 21