[Home ] [Archive]   [ فارسی ]  
:: Main :: About :: Current Issue :: Archive :: Search :: Submit :: Contact ::
:: Volume 3, Issue 1 (9-2014) ::
3 2014, 3(1): 39-57 Back to browse issues page
Security Alert Correlation Survey and Study of These Features in OSSIM
Abstract:   (6675 Views)

With the increase in attacks, the different mechanisms in different layers of defense are applied in order to detect and prevent attacks. In this case we are encountered with massive amounts of alerts with low level and scattered information. Alert correlation is one of the solutions that are used to combine alerts and create a high level view of under controlled network security situations, and a lot of researches have been done in this field. In this paper, we describe the OSSIM and introduce its features. In addition with a combined approach to the alert correlation problem, a new categorization is done on the scientific researches and with respect to these researches, we described the process of alert correlation in the OSSIM and established a correspondence between components of the OSSIM and one of the researches. In most researches the focus is on the alerts correlation of intrusion detection systems, we have shown in this paper that the other resources are effective in multi-stage attacks correlation.

Keywords: Alert Correlation, OSSIM, Log Correlation, Multistage Attacks
Full-Text [PDF 2674 kb]   (1065 Downloads)    
Type of Study: Scientific extension | Subject: Special
Received: 2015/08/18 | Accepted: 2015/08/18 | Published: 2015/08/18
Add your comments about this article
Your username or Email:


XML   Persian Abstract   Print

Download citation:
BibTeX | RIS | EndNote | Medlars | ProCite | Reference Manager | RefWorks
Send citation to:

Security Alert Correlation Survey and Study of These Features in OSSIM. 3 2014; 3 (1) :39-57
URL: http://monadi.isc.org.ir/article-1-26-en.html

Rights and permissions
Creative Commons License This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Volume 3, Issue 1 (9-2014) Back to browse issues page
دوفصل نامه علمی ترویجی منادی امنیت فضای تولید و تبادل اطلاعات( افتا) Biannual Journal Monadi for Cyberspace Security (AFTA)
Persian site map - English site map - Created in 0.04 seconds with 30 queries by YEKTAWEB 4514