
Aggregation and Correlation of Intrusion-Detection Alerts

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2212)

Abstract

This paper describes an aggregation and correlation algorithm used in the design and implementation of an intrusion-detection console built on top of the Tivoli Enterprise Console (TEC). The aggregation and correlation algorithm aims at acquiring intrusion-detection alerts and relating them together to expose a more condensed view of the security issues raised by intrusion-detection systems.

This work was performed while employed by the IBM Zurich Research Laboratory.

This work was partially supported by the European IST Project MAFTIA (IST-1999-11583). However, it represents the view of the author. The MAFTIA project is partially funded by the European Commission and the Swiss Department for Education and Science.


Copyright information

© 2001 Springer-Verlag Berlin Heidelberg


Cite this paper

Debar, H., Wespi, A. (2001). Aggregation and Correlation of Intrusion-Detection Alerts. In: Lee, W., Mé, L., Wespi, A. (eds) Recent Advances in Intrusion Detection. RAID 2001. Lecture Notes in Computer Science, vol 2212. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45474-8_6


  • DOI: https://doi.org/10.1007/3-540-45474-8_6


  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42702-5

  • Online ISBN: 978-3-540-45474-8
