TY - JOUR T1 - Security Alert Correlation Survey and Study of These Features in OSSIM TT - مروری بر همبسته‌سازی هشدارهای امنیتی و بررسی این قابلیت‌ها در سامانه OSSIM JF - isc-monadi JO - isc-monadi VL - 3 IS - 1 UR - http://monadi.isc.org.ir/article-1-26-en.html Y1 - 2014 SP - 39 EP - 57 KW - Alert Correlation KW - OSSIM KW - Log Correlation KW - Multistage Attacks N2 - With the increase in attacks, the different mechanisms in different layers of defense are applied in order to detect and prevent attacks. In this case we are encountered with massive amounts of alerts with low level and scattered information. Alert correlation is one of the solutions that are used to combine alerts and create a high level view of under controlled network security situations, and a lot of researches have been done in this field. In this paper, we describe the OSSIM and introduce its features. In addition with a combined approach to the alert correlation problem, a new categorization is done on the scientific researches and with respect to these researches, we described the process of alert correlation in the OSSIM and established a correspondence between components of the OSSIM and one of the researches. In most researches the focus is on the alerts correlation of intrusion detection systems, we have shown in this paper that the other resources are effective in multi-stage attacks correlation. M3 ER -