10.2. Review of Alert Correlation and Related Techniques

Although most alert correlation techniques share the same objective of discovering relationships among isolated alerts, they have evolved with respect to the different kinds of relationships they discover. Early work on alert correlation usually focused on the syntactic similarity between alerts: alerts with similar attributes are grouped into natural clusters to simplify their further examination [8-11]. These techniques are especially useful as preprocessing steps prior to other analyses. Other techniques correlate similar alerts based on their statistical or temporal similarity [12, 13]. Such methods can provide supplementary results about unknown attacks or unknown ...
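As an added illustration of the attribute-similarity clustering described above (example code, not from the book): a small correlator scores each pair of alerts by weighted attribute agreement and groups an alert with an existing cluster only when the cluster's most recent member falls within a time window. The alert fields, weights, threshold and sample alerts are all assumed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample alerts (not real data): a short SSH brute-force burst from
# one /24, an unrelated SMB scan, and a later SSH alert outside the time window.
ALERTS = [
    {"id": 1, "ts": "2024-01-01T10:00:00", "src": "203.0.113.5", "dst": "192.0.2.10", "dport": 22, "sig": "SSH brute force"},
    {"id": 2, "ts": "2024-01-01T10:00:30", "src": "203.0.113.5", "dst": "192.0.2.10", "dport": 22, "sig": "SSH brute force"},
    {"id": 3, "ts": "2024-01-01T10:01:10", "src": "203.0.113.9", "dst": "192.0.2.10", "dport": 22, "sig": "SSH brute force"},
    {"id": 4, "ts": "2024-01-01T10:02:00", "src": "198.51.100.7", "dst": "192.0.2.20", "dport": 445, "sig": "SMB scan"},
    {"id": 5, "ts": "2024-01-01T10:20:00", "src": "203.0.113.5", "dst": "192.0.2.10", "dport": 22, "sig": "SSH brute force"},
]

# Assumed attribute weights; they sum to 1 so the score lies in [0, 1].
WEIGHTS = {"src": 0.30, "dst": 0.30, "dport": 0.15, "sig": 0.25}


def same_subnet(ip_a, ip_b):
    """Crude /24 comparison used to give partial credit on source addresses."""
    return ip_a.rsplit(".", 1)[0] == ip_b.rsplit(".", 1)[0]


def attribute_similarity(a, b):
    """Weighted fraction of agreeing attributes between two alerts."""
    score = 0.0
    for attr, weight in WEIGHTS.items():
        if a[attr] == b[attr]:
            score += weight
        elif attr == "src" and same_subnet(a[attr], b[attr]):
            score += weight / 2  # neighbouring hosts in one /24 get half credit
    return score


def cluster_alerts(alerts, threshold=0.6, window=timedelta(minutes=5)):
    """Greedy one-pass clustering: an alert joins the first cluster whose most
    recent member is within `window` and at least `threshold` similar."""
    clusters = []
    for alert in sorted(alerts, key=lambda x: x["ts"]):
        t = datetime.fromisoformat(alert["ts"])
        for cluster in clusters:
            last = cluster[-1]
            in_window = t - datetime.fromisoformat(last["ts"]) <= window
            if in_window and attribute_similarity(alert, last) >= threshold:
                cluster.append(alert)
                break
        else:
            clusters.append([alert])
    return clusters


def cluster_ids(alerts, **kwargs):
    """Convenience view: clusters as lists of alert ids."""
    return [[a["id"] for a in c] for c in cluster_alerts(alerts, **kwargs)]


if __name__ == "__main__":
    print(cluster_ids(ALERTS))  # [[1, 2, 3], [4], [5]]
```

Alert 3 joins the first cluster on subnet proximity plus matching target and signature, while alert 5 is identical to alert 1 but lands in its own cluster because it falls outside the temporal window.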
