Publication Type:

Journal Article


Communications in Computer and Information Science, Volume 250 CCIS, Pune, p.662-666 (2011)





Alert classification, Alert correlation, Artificial intelligence, Correlation methods, IDS, Information technology, Intrusion detection, Networked systems, Number of components, Pre-processing, Prioritization, Single-step


Alert Correlation is a process that analyses the alerts produced by one or more Intrusion Detection Sensors and provides a clear picture of occurring or attempted intrusions. Even though the correlation process is often presented as a single step, the analysis is actually carried out by a number of components, each of which has a specific goal. The idea of prerequisites of an intrusion, that is the necessary condition for the intrusion to be successful and the possible outcomes of intrusion is the consequences. This method also help us to correlates two alerts if the consequence of the earlier alert prepares for the prerequisites of the later one. In this system, before alert classification we are performing normalization, pre-processing, and alert correlation. In correlation phase there are two types of correlation, which are duplicate removal (alert fusion) and consequence correlation. Thus the resulting alert set is clustered. Based on this analysis of the alert set, the prioritization component assigns an appropriate priority to every alert. This priority information is important for quickly discarding information that is irrelevant or of less importance. The second way of prioritizing is based on the number of alerts coming from the networked systems. © 2011 Springer-Verlag.


cited By (since 1996)0; Conference of org.apache.xalan.xsltc.dom.DOMAdapter@1e47e483 ; Conference Date: org.apache.xalan.xsltc.dom.DOMAdapter@1eb63fd Through org.apache.xalan.xsltc.dom.DOMAdapter@4f17807; Conference Code:87748

Cite this Research Publication

Sa Mallissery, Praveen, Kb, and Sathar, Sb, “Correlation of alerts using prerequisites and consequences for intrusion detection”, Communications in Computer and Information Science, vol. 250 CCIS, pp. 662-666, 2011.