Alert correlation in a cooperative intrusion detection framework

Frédéric Cuppens; Alexandre Miège

doi:https://doi.org/10.1109/secpri.2002.1004372

doi.org/10.1109/secpri.2002.1004372

Alert correlation in a cooperative intrusion detection framework

,

Published: Aug 24, 2005

Abstract

This paper presents the work we have done within the MIRADOR project to design CRIM, a cooperative module for intrusion detection systems (IDS). This module implements functions to manage, cluster, merge and correlate alerts. The clustering and merging functions recognize alerts that correspond to the same occurrence of an attack and create a new alert that merge data contained in these various alerts. Experiments show that these functions...

Paper Fields

Paper Details

Title

Alert correlation in a cooperative intrusion detection framework

DOI

doi.org/10.1109/secpri.2002.1004372

Published Date

Aug 24, 2005

Citation AnalysisPro

You’ll need to upgrade your plan to Pro

Looking to understand the true influence of a researcher’s work across journals & affiliations?

Scinapse’s Top 10 Citation Journals & Affiliations graph reveals the quality and authenticity of citations received by a paper.
Discover whether citations have been inflated due to self-citations, or if citations include institutional bias.

Learn more

Notes

History