A Mission-Impact-Based Approach to INFOSEC Alarm Correlation

A Mission-Impact-Based Approach to INFOSEC Alarm Correlation

We describe a mission-impact-based approach to the analysis of security alerts produced by spatially distributed heterogeneous information security (INFOSEC) devices, such as firewalls, intrusion detection systems, authentication services, and antivirus software. The intent of this work is to delive...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Porras, Phillip A., Fong, Martin W., Valdes, Alfonso
Format: Tagungsbericht
Sprache:eng
Schlagworte:
alert management
alert prioritization
Applied sciences
Computer science
control theory
systems
Exact sciences and technology
intrusion report correlation
Memory and file management (including protection and security)
Memory organisation. Data processing
Network security
Software
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:We describe a mission-impact-based approach to the analysis of security alerts produced by spatially distributed heterogeneous information security (INFOSEC) devices, such as firewalls, intrusion detection systems, authentication services, and antivirus software. The intent of this work is to deliver an automated capability to reduce the time and cost of managing multiple INFOSEC devices through a strategy of topology analysis, alert prioritization, and common attribute-based alert aggregation. Our efforts to date have led to the development of a prototype system called the EMERALD Mission Impact Intrusion Report Correlation System, or M-Correlator. M-Correlator is intended to provide analysts (at all experience levels) a powerful capability to automatically fuse together and isolate those INFOSEC alerts that represent the greatest threat to the health and security of their networks.
ISSN:0302-9743
1611-3349
DOI:10.1007/3-540-36084-0_6