The tremendous increase in usage and complexity of modern
communication and network systems connected to the Internet places
demands upon security management to protect organisations'
sensitive data and resources from malicious intrusion. A
methodology for analysing alerts using a proposed framework for
alert correlation has been presented to provide the security
operator with a global view of the security perspective. Missed
alerts are recovered implicitly using a contextual technique to
detect multi-stage attack scenarios. This is based on the
assumption that the most serious intrusions consist of relevant
steps that are temporally ordered. The pre- and post-condition
approach is used to identify the logical relations among low-level
alerts. The alerts are aggregated, verified using vulnerability
modelling, and correlated to construct multi-stage attacks. A number
of algorithms have been proposed in this book to support the
functionality of our framework including: alert correlation, alert
aggregation and graph reduction. These algorithms have been
implemented in a tool called Multi-stage Attack Recognition System
(MARS) consisting of a collection of integrated components.