We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:


Current browse context:


Change to browse by:


References & Citations

DBLP - CS Bibliography


(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Cryptography and Security

Title: Alert Correlation Algorithms: A Survey and Taxonomy

Abstract: Alert correlation is a system which receives alerts from heterogeneous Intrusion Detection Systems and reduces false alerts, detects high level patterns of attacks, increases the meaning of occurred incidents, predicts the future states of attacks, and detects root cause of attacks. To reach these goals, many algorithms have been introduced in the world with many advantages and disadvantages. In this paper, we are trying to present a comprehensive survey on already proposed alert correlation algorithms. The approach of this survey is mainly focused on algorithms in correlation engines which can work in enterprise and practical networks. Having this aim in mind, many features related to accuracy, functionality, and computation power are introduced and all algorithm categories are assessed with these features. The result of this survey shows that each category of algorithms has its own strengths and an ideal correlation frameworks should be carried the strength feature of each category.
Comments: Symposium on Cyberspace Safety and Security (CSS), Lecture Notes in Computer Science, Springer International Publishing, vol 8300, pp 183-197, Zhangjiajie, China, November 2013
Subjects: Cryptography and Security (cs.CR)
DOI: 10.1007/978-3-319-03584-0_14
Cite as: arXiv:1811.00921 [cs.CR]
  (or arXiv:1811.00921v1 [cs.CR] for this version)

Submission history

From: Sajjad Arshad [view email]
[v1] Fri, 2 Nov 2018 15:12:05 GMT (114kb)

Link back to: arXiv, form interface, contact.