Research Article
A Correlation Approach to Intrusion Detection
@INPROCEEDINGS{10.1007/978-3-642-16644-0_19,
  author={Massimo Ficco and Luigi Romano},
  title={A Correlation Approach to Intrusion Detection},
  proceedings={Mobile Lightweight Wireless Systems. Second International ICST Conference, MOBILIGHT 2010, Barcelona, Spain, May 10-12, 2010, Revised Selected Papers},
  proceedings_a={MOBILIGHT},
  year={2012},
  month={10},
  keywords={detection fusion correlation},
  doi={10.1007/978-3-642-16644-0_19}
}
- Massimo Ficco
- Luigi Romano
Year: 2012
MOBILIGHT
Springer
DOI: 10.1007/978-3-642-16644-0_19
Abstract
In this paper we discuss the limitations of current Intrusion Detection System technology, and propose a hierarchical event correlation approach to overcome such limitations. The proposed solution allows the detection of attack scenarios by collecting diverse information at several architectural levels, using distributed security probes, which is then used to perform complex event correlation of intrusion symptoms. The escalation process from intrusion symptoms to the identified target and cause of the intrusion is driven by an ontology.