10.4. Alert Correlation, Hypothesis, Prediction, and Aggregation

This section discusses the vulnerability-centric approach to the correlation, hypothesis, prediction, and aggregation of intrusion alerts. First, Section 10.4.1 discusses alert correlation in offline applications and its limitations. Then, Section 10.4.2 describes the vulnerability-centric alert correlation method, Section 10.4.3 discusses alert hypothesis and prediction, Section 10.4.4 discusses alert aggregation, and finally, Section 10.4.5 presents experimental results.

10.4.1. Alert Correlation in Offline Applications

In a typical offline alert correlation method, when a new alert arrives, the correlator searches the previously received alerts to find those that prepare for it. This process ...
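The search described above, as an added illustration that is not the book's own code: a new alert is checked against every earlier alert on the same target, and an earlier alert "prepares for" it when the earlier alert's consequences supply one of the new alert's prerequisites. The alert types, the prerequisite/consequence table and the sample alerts are constructed assumptions; the returned comparison count makes the growing per-alert cost of scanning the whole history visible.

```python
from dataclasses import dataclass

# Constructed prerequisite/consequence table (assumption, not from the book):
# an earlier alert prepares for a later one when the earlier alert's
# consequences intersect the later alert's prerequisites.
PREREQUISITES = {
    "port_scan": set(),
    "ssh_bruteforce": {"host_reachable"},
    "exploit_attempt": {"host_reachable", "service_identified"},
    "privilege_escalation": {"shell_access"},
}
CONSEQUENCES = {
    "port_scan": {"host_reachable", "service_identified"},
    "ssh_bruteforce": {"shell_access"},
    "exploit_attempt": {"shell_access"},
    "privilege_escalation": {"root_access"},
}


@dataclass
class Alert:
    ident: int      # alert id assigned by the sensor
    atype: str      # key into the tables above
    target: str     # host the alert refers to
    ts: float       # arrival time


def prepares_for(earlier: Alert, later: Alert) -> bool:
    """True if `earlier` supplies a prerequisite of `later` on the same target."""
    if earlier.target != later.target or earlier.ts >= later.ts:
        return False
    return bool(CONSEQUENCES[earlier.atype] & PREREQUISITES[later.atype])


def correlate_offline(alerts):
    """Offline correlation: each arriving alert is compared against the full
    history. Returns {alert id: [ids of earlier alerts that prepare for it]}
    and the number of pairwise comparisons performed (quadratic in history size)."""
    history, edges, comparisons = [], {}, 0
    for new in sorted(alerts, key=lambda a: a.ts):
        preds = []
        for old in history:          # linear scan of everything seen so far
            comparisons += 1
            if prepares_for(old, new):
                preds.append(old.ident)
        edges[new.ident] = preds
        history.append(new)
    return edges, comparisons


# Constructed sample alert stream.
SAMPLE = [
    Alert(1, "port_scan", "host1", 1.0),
    Alert(2, "ssh_bruteforce", "host1", 2.0),
    Alert(3, "exploit_attempt", "host2", 3.0),    # different target: no link
    Alert(4, "privilege_escalation", "host1", 4.0),
]
```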
