Aggregation and correlation of intrusion-detection alerts

Hervé Debar; Andreas Wespi

Aggregation and correlation of intrusion-detection alerts

Hervé Debar
, Andreas Wespi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

This paper describes an aggregation and correlation algorithm used in the design and implementation of an intrusion-detection console built on top of the Tivoli Enterprise Console (TEC). The aggregation and correlation algorithm aims at acquiring intrusion-detection alerts and relating them together to expose a more condensed view of the security issues raised by intrusion-detection systems.

Original language	English
Title of host publication	Recent Advances in Intrusion Detection - 4th International Symposium, RAID 2001, Proceedings
Editors	Wenke Lee, Ludovic Me, Andreas Wespi
Publisher	Springer Verlag
Pages	85-103
Number of pages	19
ISBN (Print)	3540427023, 9783540427025
Publication status	Published - 1 Jan 2001
Externally published	Yes
Event	4th International Symposium on Recent Advances in Intrusion Detection, RAID 2001 - Davis, United States Duration: 10 Oct 2001 → 12 Oct 2001

Publication series

Name	Lecture Notes in Computer Science
Volume	2212 2212 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	4th International Symposium on Recent Advances in Intrusion Detection, RAID 2001
Country/Territory	United States
City	Davis
Period	10/10/01 → 12/10/01

Keywords

Alert aggregation
Alert correlation
Alert data model
Intrusion detection

Cite this

@inproceedings{a0fc93f726164a6bb71255b32234e063,

title = "Aggregation and correlation of intrusion-detection alerts",

abstract = "This paper describes an aggregation and correlation algorithm used in the design and implementation of an intrusion-detection console built on top of the Tivoli Enterprise Console (TEC). The aggregation and correlation algorithm aims at acquiring intrusion-detection alerts and relating them together to expose a more condensed view of the security issues raised by intrusion-detection systems.",

keywords = "Alert aggregation, Alert correlation, Alert data model, Intrusion detection",

author = "Herv{\'e} Debar and Andreas Wespi",

note = "Publisher Copyright: {\textcopyright} Springer-Verlag Berlin Heidelberg 2001.; 4th International Symposium on Recent Advances in Intrusion Detection, RAID 2001 ; Conference date: 10-10-2001 Through 12-10-2001",

year = "2001",

month = jan,

day = "1",

language = "English",

isbn = "3540427023",

series = "Lecture Notes in Computer Science",

publisher = "Springer Verlag",

pages = "85--103",

editor = "Wenke Lee and Ludovic Me and Andreas Wespi",

booktitle = "Recent Advances in Intrusion Detection - 4th International Symposium, RAID 2001, Proceedings",

}

Debar, H & Wespi, A 2001, Aggregation and correlation of intrusion-detection alerts. in W Lee, L Me & A Wespi (eds), Recent Advances in Intrusion Detection - 4th International Symposium, RAID 2001, Proceedings. Lecture Notes in Computer Science, vol. 2212 2212 LNCS, Springer Verlag, pp. 85-103, 4th International Symposium on Recent Advances in Intrusion Detection, RAID 2001, Davis, United States, 10/10/01.

Aggregation and correlation of intrusion-detection alerts. / Debar, Hervé; Wespi, Andreas.
Recent Advances in Intrusion Detection - 4th International Symposium, RAID 2001, Proceedings. ed. / Wenke Lee; Ludovic Me; Andreas Wespi. Springer Verlag, 2001. p. 85-103 (Lecture Notes in Computer Science; Vol. 2212 2212 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Aggregation and correlation of intrusion-detection alerts

AU - Debar, Hervé

AU - Wespi, Andreas

N1 - Publisher Copyright: © Springer-Verlag Berlin Heidelberg 2001.

PY - 2001/1/1

Y1 - 2001/1/1

N2 - This paper describes an aggregation and correlation algorithm used in the design and implementation of an intrusion-detection console built on top of the Tivoli Enterprise Console (TEC). The aggregation and correlation algorithm aims at acquiring intrusion-detection alerts and relating them together to expose a more condensed view of the security issues raised by intrusion-detection systems.

AB - This paper describes an aggregation and correlation algorithm used in the design and implementation of an intrusion-detection console built on top of the Tivoli Enterprise Console (TEC). The aggregation and correlation algorithm aims at acquiring intrusion-detection alerts and relating them together to expose a more condensed view of the security issues raised by intrusion-detection systems.

KW - Alert aggregation

KW - Alert correlation

KW - Alert data model

KW - Intrusion detection

M3 - Conference contribution

AN - SCOPUS:84947561772

SN - 3540427023

SN - 9783540427025

T3 - Lecture Notes in Computer Science

SP - 85

EP - 103

BT - Recent Advances in Intrusion Detection - 4th International Symposium, RAID 2001, Proceedings

A2 - Lee, Wenke

A2 - Me, Ludovic

A2 - Wespi, Andreas

PB - Springer Verlag

T2 - 4th International Symposium on Recent Advances in Intrusion Detection, RAID 2001

Y2 - 10 October 2001 through 12 October 2001

ER -

Aggregation and correlation of intrusion-detection alerts

Abstract

Publication series

Conference

Keywords

Fingerprint

Cite this