Publication detail

An Analysis of Correlations of Intrusion Alerts in an NREN

BARTOŠ, V. ŽÁDNÍK, M.

Original Title

An Analysis of Correlations of Intrusion Alerts in an NREN

English Title

An Analysis of Correlations of Intrusion Alerts in an NREN

Type

conference paper

Language

en

Original Abstract

An ever-increasing impact and amount of network attacks have driven many organizations to deploy various network monitoring and analysis systems such as honeypots, intrusion detection systems, log analysers and flow monitors. Besides improving these systems, a logical next step is to collect and correlate alerts from multiple systems distributed across organizations. The idea is to leverage the joint effect of multiple monitoring systems to build a more robust and efficient system, ideally lacking the shortcomings of the individual contributing systems. This paper presents an analysis of alert reports gathered from several such detectors deployed in a national research and education network (NREN). The analysis focuses on the correlations of reported events in the temporal domain as well as on the correlations between different event types.

English abstract

An ever-increasing impact and amount of network attacks have driven many organizations to deploy various network monitoring and analysis systems such as honeypots, intrusion detection systems, log analysers and flow monitors. Besides improving these systems, a logical next step is to collect and correlate alerts from multiple systems distributed across organizations. The idea is to leverage the joint effect of multiple monitoring systems to build a more robust and efficient system, ideally lacking the shortcomings of the individual contributing systems. This paper presents an analysis of alert reports gathered from several such detectors deployed in a national research and education network (NREN). The analysis focuses on the correlations of reported events in the temporal domain as well as on the correlations between different event types.

Keywords

network intrusion detection, malicious traffic, spatio-temporal correlations, alert aggregation

RIV year

2014

Released

01.12.2014

Publisher

IEEE Communications Society

Location

Athens

ISBN

978-1-4799-5725-5

Book

2014 IEEE 19th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD)

Edition

Not stated

Edition number

Not stated

Pages from

305

Pages to

309

Pages count

5

URL

BibTex
@inproceedings{BUT111532,
  author="Václav {Bartoš} and Martin {Žádník}",
  title="An Analysis of Correlations of Intrusion Alerts in an NREN",
  annote="An ever increasing impact and amount of network attacks have driven many
organizations to deploy various network monitoring and analysis systems such as
honeypots, intrusion detection systems, log analysers and flow monitors. Besides
improving these systems a logical next step is to collect and correlate alerts
from multiple systems distributed across organizations. The idea is to leverage
a joint effect of multiple monitoring systems to build a more robust and
efficient system, ideally, lacking the shortcomings of the individual
contributing systems. This paper presents an analysis of alert reports gathered
from several such detectors deployed in national research and education network
(NREN). The analysis focuses on the correlations of reported events in temporal
domain as well as on the correlations of different event types.",
  address="IEEE Communications Society",
  booktitle="2014 IEEE 19th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD)",
  chapter="111532",
  doi="10.1109/CAMAD.2014.7033255",
  edition="NEUVEDEN",
  howpublished="electronic, physical medium",
  institution="IEEE Communications Society",
  year="2014",
  month="december",
  pages="305--309",
  publisher="IEEE Communications Society",
  type="conference paper"
}