Distributed Alert Correlation in Intrusion Detection Systems

Thiago E. Bezerra de Mello, Roberto A. Hexsel

As networks become faster, intrusion detection systems must be able to cope with large amounts of data related to possible invasions, and generate alarms advising of potential network attacks. These alarms must be summarized prior to being analyzed by a human being. We present a parallel (distributed) alert correlation system that performs alarm correlation in two phases, local pre-processing and distributed post-processing. By splitting up the correlation system amongst several computers, each one might be smaller (and therefore cheaper) than would be necessary in a centralized system. We describe experiments performed to validate our design.
