Towards Predictive Real-time Multi-sensors Intrusion Alert Correlation Framework

Despite the deployment of Network Intrusion Detection Systems/Sensors (NIDS) in computer networks to detect various attacks, a serious problem arises. They generate a high volume of low-quality intrusion alerts when attack scenarios have taken place. Worse, NIDSs cannot extract or even predict seq...

Bibliographic details
Published in: Indian journal of science and technology 2015-06, Vol.8 (12), p.1-1
Main authors: Md Siraj, Maheyzah, Taha Albasheer, Hashim Hussein, Mat Din, Mazura
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page 1
container_issue 12
container_start_page 1
container_title Indian journal of science and technology
container_volume 8
creator Md Siraj, Maheyzah
Taha Albasheer, Hashim Hussein
Mat Din, Mazura
description Despite the deployment of Network Intrusion Detection Systems/Sensors (NIDS) in computer networks to detect various attacks, a serious problem arises. They generate a high volume of low-quality intrusion alerts when attack scenarios have taken place. Worse, NIDSs cannot extract or even predict the sequence of attack scenarios. Thus, alert post-processing, known as Alert Correlation (AC), is much needed to derive current system security. AC aims to identify the complete relationship among intrusion alerts that can reveal the attacker strategy (i.e., sequence of attack scenarios). In this paper, the authors highlight the important research problems in developing AC, which have motivated us to propose a new AC framework design that includes attack prediction and a proactive step in a real-time multiple-sensor environment. It is worth mentioning that, to complement NIDSs in detecting incoming attacks, intrusion alert prediction is an exploratory area for future research for the purpose of improving the quality of correlation and predicting the next attacker scenario as a proactive step.
doi_str_mv 10.17485/ijst/2015/v8i12/70658
format Article
fulltext fulltext
identifier ISSN: 0974-6846
ispartof Indian journal of science and technology, 2015-06, Vol.8 (12), p.1-1
issn 0974-6846
0974-5645
language eng
recordid cdi_proquest_miscellaneous_1762070137
source EZB-FREE-00999 freely available EZB journals
subjects Alternating current
Complement
Computer information security
Correlation
Intrusion
Real time
Sensors
Strategy
title Towards Predictive Real-time Multi-sensors Intrusion Alert Correlation Framework
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-19T20%3A44%3A11IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Towards%20Predictive%20Real-time%20Multi-sensors%20Intrusion%20Alert%20Correlation%20Framework&rft.jtitle=Indian%20journal%20of%20science%20and%20technology&rft.au=Md%20Siraj,%20Maheyzah&rft.date=2015-06-23&rft.volume=8&rft.issue=12&rft.spage=1&rft.epage=1&rft.pages=1-1&rft.issn=0974-6846&rft.eissn=0974-5645&rft_id=info:doi/10.17485/ijst/2015/v8i12/70658&rft_dat=%3Cproquest_cross%3E1762070137%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1762070137&rft_id=info:pmid/&rfr_iscdi=true