Journal article
Decentralized multi-dimensional alert correlation for collaborative intrusion detection
C Vincent Zhou, C Leckie, S Karunasekera
Journal of Network and Computer Applications | Published : 2009
Abstract
The growth in coordinated network attacks such as scans, worms and distributed denial-of-service (DDoS) attacks is a profound threat to the security of the Internet. Collaborative intrusion detection systems (CIDSs) have the potential to detect these attacks, by enabling all the participating intrusion detection systems (IDSs) to share suspicious intelligence with each other to form a global view of the current security threats. Current correlation algorithms in CIDSs are either too simple to capture the important characteristics of attacks, or too computationally expensive to detect attacks in a timely manner. We propose a decentralized, multi-dimensional alert correlation algorithm for CID..
Funding Acknowledgements
We thank the NICTA Victoria Research Laboratory for funding this work. We would like to thank the Internet Storm Center for providing us with the DShield data set, and Vinod Yegneswaran from SRI International for his help with the DShield data set.