Abstract
The approach proposed in this paper involves the creation of a new algorithm for analyzing correlation alerts and providing the correct information regarding the detection of various types of security attacks, such as DDoS. It also enables the evaluation of the attack status, the degree of danger from the viewpoint of a managed network environment and the assets protected by the security devices. This paper proposes an advanced ESM system (referred to as the "SIA System"), which is capable of grouping a large amount of alert messages, analyzing mixed attacks using correlation alert messages from each sensor and responding to security threats quickly, after classifying them into one of four different statuses. It was confirmed that this system implementation could identify and analyze all types of intrusion by attackers in a managed network. Therefore, it provides a very effective means for security experts to cope with security threats in real time.
| Original language | English |
|---|---|
| Pages (from-to) | 889-902 |
| Number of pages | 14 |
| Journal | Journal of Information Science and Engineering |
| Volume | 22 |
| Issue number | 4 |
| Publication status | Published - 2006 Jul |
Keywords
- ESM (enterprise security management)
- Meta-IDS
- SIA (security information alert)
- SIM (security information management)
- Status evaluation logic
ASJC Scopus subject areas
- Software
- Human-Computer Interaction
- Hardware and Architecture
- Library and Information Sciences
- Computational Theory and Mathematics