| The development of network security makes traditional static defensive techniques not to accommodate with security. So people adopted dynamic defensive techniques to withstand threats. Intrusion detection system (IDS) is one of the dynamic defensive techniques and plays a very important role. But current intrusion detection systems usually generate a large amount of false alerts and none of them can capture the logical steps or strategies behind the attacks. In situations where there are intensive intrusive actions, not only will actual alerts be mixed with false alerts, but the amount of alerts will also become unmanageable. As a result, it is difficult for human users to understand the intrusions behind the alerts and take appropriate actions.This paper presents a correlation analysis approach based on the state transition to resolve these issues by analyzing large numbers of attack techniques, and discusses how to definite intrusion steps by the number, with this event correlation analysis method, an Intrusion Detection System is designed based on relational analysis engine. |
PDF Full Text Request