Detail publikačního výsledku

An Analysis of Correlations of Intrusion Alerts in an NREN

BARTOŠ, V.; ŽÁDNÍK, M.

Originální název

An Analysis of Correlations of Intrusion Alerts in an NREN

Anglický název

An Analysis of Correlations of Intrusion Alerts in an NREN

Druh

Stať ve sborníku v databázi WoS či Scopus

Originální abstrakt

An ever increasing impact and amount of network attacks have driven many organizations to deploy various network monitoring and analysis systems such as honeypots, intrusion detection systems, log analysers and flow monitors. Besides improving these systems a logical next step is to collect and correlate alerts from multiple systems distributed across organizations. The idea is to leverage a joint effect of multiple monitoring systems to build a more robust and efficient system, ideally, lacking the shortcomings of the individual contributing systems. This paper presents an analysis of alert reports gathered from several such detectors deployed in national research and education network (NREN). The analysis focuses on the correlations of reported events in temporal domain
as well as on the correlations of different event types.

Anglický abstrakt

An ever increasing impact and amount of network attacks have driven many organizations to deploy various network monitoring and analysis systems such as honeypots, intrusion detection systems, log analysers and flow monitors. Besides improving these systems a logical next step is to collect and correlate alerts from multiple systems distributed across organizations. The idea is to leverage a joint effect of multiple monitoring systems to build a more robust and efficient system, ideally, lacking the shortcomings of the individual contributing systems. This paper presents an analysis of alert reports gathered from several such detectors deployed in national research and education network (NREN). The analysis focuses on the correlations of reported events in temporal domain
as well as on the correlations of different event types.

Klíčová slova

network intrusion detection, malicious traffic, spatio-temporal correlations, alert aggregation

Klíčová slova v angličtině

network intrusion detection, malicious traffic, spatio-temporal correlations, alert aggregation

Autoři

BARTOŠ, V.; ŽÁDNÍK, M.

Rok RIV

2015

Vydáno

01.12.2014

Nakladatel

IEEE Communications Society

Místo

Athény

ISBN

978-1-4799-5725-5

Kniha

2014 IEEE 19th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD)

Strany od

305

Strany do

309

Strany počet

5

URL

https://www.fit.vut.cz/research/publication/10526/

BibTex

@inproceedings{BUT111532,
  author="Václav {Bartoš} and Martin {Žádník}",
  title="An Analysis of Correlations of Intrusion Alerts in an NREN",
  booktitle="2014 IEEE 19th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD)",
  year="2014",
  pages="305--309",
  publisher="IEEE Communications Society",
  address="Athény",
  doi="10.1109/CAMAD.2014.7033255",
  isbn="978-1-4799-5725-5",
  url="https://www.fit.vut.cz/research/publication/10526/"
}

Dokumenty

camad14_alert_correlations