sahel1389
Intrusion detection systems are security tools which used in computer networks. The main goal of intrusion detection is to detect each security policy violation on a system of information. There are many methods in field of intrusion detection. Most existing approaches are generally limited to detect unknown attack scenario. Many of them have used expert knowledge. In practice, generating and analyzing of them is the most challenging task. Therefore, they aren’t suitable for real-time use. In fact, the current IDSs generate a tremendous number of intrusion alerts. Many of them are false positive. Alert correlation methods have been proposed to decrease the number of alerts and make them more meaningful. In this paper, we introduce an approach to alert correlation by HMM. First of all, the aggregation component merges low-level alerts with together. Therefore, alerts rate are reduced. Second, we use Hidden Markov Model to correlates hyper alerts. The most advantage of our approach is that an attack scenario can be found without expert knowledge. We also evaluate our approach by experiment with DARPA 2000 data set.
I want you to show me my mistakes. I'll be grateful for your advice.
Thanks in advance.