A Correlation Approach to Intrusion Detection

Massimo Ficco; Luigi Romano

Mobile Lightweight Wireless Systems. Second International ICST Conference, MOBILIGHT 2010, Barcelona, Spain, May 10-12, 2010, Revised Selected Papers

Research Article

A Correlation Approach to Intrusion Detection

Download

479 downloads

Cite: BibTeX Plain Text

@INPROCEEDINGS{10.1007/978-3-642-16644-0_19,
    author={Massimo Ficco and Luigi Romano},
    title={A Correlation Approach to Intrusion Detection},
    proceedings={Mobile Lightweight Wireless Systems. Second International ICST Conference, MOBILIGHT 2010, Barcelona, Spain, May 10-12, 2010, Revised Selected Papers},
    proceedings_a={MOBILIGHT},
    year={2012},
    month={10},
    keywords={detection fusion correlation},
    doi={10.1007/978-3-642-16644-0_19}
}

Massimo Ficco
Luigi Romano
Year: 2012
A Correlation Approach to Intrusion Detection
MOBILIGHT
Springer
DOI: 10.1007/978-3-642-16644-0_19

Massimo Ficco¹^,*, Luigi Romano²^,*

1: Universita’ degli Studi di Napoli “Parthenope”, Centro Direzionale di Napoli
2: Consorzio Interuniversitario Nazionale per l’Informatica (CINI)

*Contact email: massimo.ficco@consorzio-cini.it, luigi.romano@uniparthenope.it

Abstract

In this paper we discuss the limitations of current Intrusion Detection System technology, and propose a hierarchical event correlation approach to overcome such limitations. The proposed solution allows to detect attack scenarios by collecting diverse information at several architectural levels, using distributed security probes, which is then used to perform complex event correlation of intrusion symptoms. The escalation process from intrusion symptoms to the identified target and cause of the intrusion is driven by an ontology.

Keywords: detection fusion correlation

Published: 2012-10-17

: http://dx.doi.org/10.1007/978-3-642-16644-0_19