A Correlation Approach to Intrusion Detection

Ficco, Massimo
2010-01-01

Abstract

Intrusion detection products that are currently available only provide support in terms of intrusion prevention and intrusion detection. We discuss the limitations of current Intrusion Detection System technology and propose a hierarchical event correlation approach to overcome such limitations. The proposed solution allows attack scenarios to be detected by collecting different information at several architectural levels, using distributed security probes, to perform complex event correlation and diagnosis analysis of intrusion symptoms. The escalation process from intrusion symptoms to the identified target and cause of the intrusion is driven by an ontology.

Year: 2010
ISBN: 978-3-642-16644-0
Files in this record:
No files are associated with this record.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11386/4776181

Warning: the displayed data has not been validated by the university.

Citations
  • Scopus: 5