A Correlation Approach to Intrusion Detection

FICCO, Massimo;
2010

Abstract

Currently available intrusion detection products provide support only for intrusion prevention and intrusion detection. We discuss the limitations of current Intrusion Detection System technology and propose a hierarchical event correlation approach to overcome them. The proposed solution detects attack scenarios by collecting different kinds of information at several architectural levels, using distributed security probes, and then performing complex event correlation and diagnostic analysis of the intrusion symptoms. The escalation process from intrusion symptoms to the identified target and cause of the intrusion is driven by an ontology.
Ficco, Massimo; Romano,
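As an added illustration of the idea sketched in the abstract (not code from the paper, whose concrete design is not reproduced here), the following Python sketch shows one way multi-level symptom correlation can be driven by a symptom-to-cause mapping: probes at the network, host and application levels emit normalised symptoms; a correlator groups them per target and reports a cause only when symptoms from at least two architectural levels support it. The probe names, symptom types, the `ONTOLOGY` table and the sample events are all constructed assumptions for this example.

```python
"""Illustrative hierarchical event correlation (added example, not the paper's code).

Probes at three architectural levels (network, host, application) emit
symptoms; a correlator groups them by target and a small hypothetical
ontology maps symptom combinations to candidate intrusion causes.
All probe names, symptom types and events below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    level: str      # "network", "host" or "application"
    probe: str      # hypothetical probe name
    target: str     # host the symptom refers to
    symptom: str    # normalised symptom type


# Hypothetical ontology: each cause lists the symptoms that evidence it and
# the architectural level each symptom is observed at (assumed for illustration).
ONTOLOGY = {
    "brute_force_login": {
        ("network", "many_connections_port_22"),
        ("host", "repeated_auth_failure"),
    },
    "web_app_injection": {
        ("network", "http_request_anomaly"),
        ("application", "sql_error_in_log"),
        ("host", "db_process_cpu_spike"),
    },
}

# Constructed sample probe output (not real data).
SAMPLE_EVENTS = [
    Event("network", "nids-1", "10.0.0.5", "many_connections_port_22"),
    Event("host", "auth-probe", "10.0.0.5", "repeated_auth_failure"),
    Event("network", "nids-1", "10.0.0.7", "http_request_anomaly"),
    Event("application", "app-probe", "10.0.0.7", "sql_error_in_log"),
    Event("host", "auth-probe", "10.0.0.9", "repeated_auth_failure"),
]


def correlate(events, min_levels=2):
    """Group symptoms per target and escalate them to candidate causes.

    A cause is reported for a target only when the observed symptoms cover
    at least `min_levels` distinct architectural levels of that cause's
    ontology entry, so a single-level symptom (e.g. one host-level auth
    failure burst) is not escalated on its own.
    Returns {target: [(cause, fraction_of_expected_symptoms_seen), ...]}
    sorted by decreasing support.
    """
    by_target = defaultdict(set)
    for ev in events:
        by_target[ev.target].add((ev.level, ev.symptom))

    diagnoses = {}
    for target, observed in by_target.items():
        found = []
        for cause, expected in ONTOLOGY.items():
            matched = observed & expected
            levels = {lvl for lvl, _ in matched}
            if len(levels) >= min_levels:
                found.append((cause, len(matched) / len(expected)))
        if found:
            found.sort(key=lambda c: -c[1])
            diagnoses[target] = found
    return diagnoses


if __name__ == "__main__":
    for target, causes in correlate(SAMPLE_EVENTS).items():
        print(target, causes)
```

With the constructed events, 10.0.0.5 is escalated to a fully supported brute-force login, 10.0.0.7 to a web application injection supported by two of its three expected symptoms, and 10.0.0.9 is not escalated because only one level reported a symptom.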
Files in this item:
No files are associated with this item.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this item: https://hdl.handle.net/11591/218158
Citations
  • Scopus 5