Mobile Lightweight Wireless Systems. Second International ICST Conference, MOBILIGHT 2010, Barcelona, Spain, May 10-12, 2010, Revised Selected Papers

Research Article

A Correlation Approach to Intrusion Detection

Download137 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-16644-0_19,
        author={Massimo Ficco and Luigi Romano},
        title={A Correlation Approach to Intrusion Detection},
        proceedings={Mobile Lightweight Wireless Systems. Second International ICST Conference, MOBILIGHT 2010, Barcelona, Spain, May 10-12, 2010, Revised Selected Papers},
        proceedings_a={MOBILIGHT},
        year={2012},
        month={10},
        keywords={detection fusion correlation},
        doi={10.1007/978-3-642-16644-0_19}
    }
    
  • Massimo Ficco
    Luigi Romano
    Year: 2012
    A Correlation Approach to Intrusion Detection
    MOBILIGHT
    Springer
    DOI: 10.1007/978-3-642-16644-0_19
Massimo Ficco1,*, Luigi Romano2,*
  • 1: Universita’ degli Studi di Napoli “Parthenope”, Centro Direzionale di Napoli
  • 2: Consorzio Interuniversitario Nazionale per l’Informatica (CINI)
*Contact email: massimo.ficco@consorzio-cini.it, luigi.romano@uniparthenope.it

Abstract

In this paper we discuss the limitations of current Intrusion Detection System technology, and propose a hierarchical event correlation approach to overcome such limitations. The proposed solution allows to detect attack scenarios by collecting diverse information at several architectural levels, using distributed security probes, which is then used to perform complex event correlation of intrusion symptoms. The escalation process from intrusion symptoms to the identified target and cause of the intrusion is driven by an ontology.