P-ISSN 0974-6846, E-ISSN 0974-5645

Indian Journal of Science and Technology

Year: 2015, Volume: 8, Issue: 12, Pages: 1-10

Original Article

Towards Predictive Real-time Multi-sensors Intrusion Alert Correlation Framework

Abstract

Although Network Intrusion Detection Systems/Sensors (NIDSs) are deployed in computer networks to detect various attacks, their deployment raises a serious problem: they generate a high volume of low-quality intrusion alerts when attack scenarios take place. Worse, NIDSs cannot extract or even predict the sequence of attack scenarios. Thus, alert post-processing, also known as Alert Correlation (AC), is much needed to derive the current security of the system. AC aims to identify the complete relationship among intrusion alerts that can reveal the attacker's strategy (i.e., the sequence of attack scenarios). Current works do not provide attack prediction or proactive actions when attack scenarios are launched. Prediction can assist early warning and prevention, keeping the attack from escalating and damaging the network. In this paper, we highlight the important research problems in developing AC, which have motivated us to propose a new AC framework design that includes attack prediction and a proactive step in a real-time multiple-sensor environment. It is worth mentioning that, to complement NIDSs in detecting incoming attacks, intrusion alert prediction is an exploratory area for future research, aimed at improving the quality of correlation and predicting the next attacker scenario as a proactive step.

Keywords: Attack Scenarios Prediction, Intrusion Alert Prediction, Network Security, NIDS, Real-Time Alert Correlation 
