DOI: 10.1109/ENABL.2004.7
Article

Alarm Reduction and Correlation in Defence of IP Networks

Published: 14 June 2004

Abstract

Society's critical infrastructures are increasingly dependent on IP networks. Intrusion detection and tolerance within data networks is therefore imperative for dependability in other domains such as telecommunications and future energy management networks. Today's data networks are protected by human operators that are exceedingly overwhelmed by the massive information overload through false alarm rates of the protection mechanisms. This paper studies the role of alarm reduction and correlation in supporting the security administrator in an enterprise network. We present an architecture that incorporates intrusion detection systems as sensors, and provides improved alarm data to the human operator or to automated actuators. Alarm reduction and correlation via static and adaptive filtering, normalisation, and aggregation is demonstrated on the output from three sensors (Snort, Samhain and Syslog) used in a telecom test network.

Published In

WETICE '04: Proceedings of the 13th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
June 2004
397 pages
ISBN: 0769521835

Publisher

IEEE Computer Society
United States

Cited By

  • (2015) A realistic graph-based alert correlation system. Security and Communication Networks 8:15 (2477-2493). DOI: 10.1002/sec.1190. Online publication date: 1-Oct-2015
  • (2013) A comprehensive vulnerability based alert management approach for large networks. Future Generation Computer Systems 29:1 (27-45). DOI: 10.1016/j.future.2012.04.001. Online publication date: 1-Jan-2013
  • (2013) Survey: A model-based survey of alert correlation techniques. Computer Networks: The International Journal of Computer and Telecommunications Networking 57:5 (1289-1317). DOI: 10.1016/j.comnet.2012.10.022. Online publication date: 1-Apr-2013
  • (2011) An event correlation approach for fault diagnosis in SCADA infrastructures. Proceedings of the 13th European Workshop on Dependable Computing (15-20). DOI: 10.1145/1978582.1978586. Online publication date: 11-May-2011
  • (2010) A preliminary two-stage alarm correlation and filtering system using SOM neural network and K-means algorithm. Computers and Security 29:6 (712-723). DOI: 10.1016/j.cose.2010.02.001. Online publication date: 1-Sep-2010
  • (2004) ADWICE – anomaly detection with real-time incremental clustering. Proceedings of the 7th international conference on Information Security and Cryptology (407-424). DOI: 10.1007/11496618_30. Online publication date: 2-Dec-2004
