\input zb-basic
\input zb-ioport
\iteman{io-port 05980015}
\itemau{Yuan, Jingbo; Ding, Shunli}
\itemti{An alerts correlation technology for large-scale network intrusion detection.}
\itemso{Gong, Zhiguo (ed.) et al., Web information systems and mining. International conference, WISM 2011, Taiyuan, China, September 24--25, 2011. Proceedings, Part I. Berlin: Springer (ISBN 978-3-642-23970-0/pbk). Lecture Notes in Computer Science 6987, 352--359 (2011).}
\itemab
Summary: Intrusion detection is an important security tool. Intrusion detection systems are becoming ubiquitous defenses in today's networks. But some research has shown that the volume of alerts generated by intrusion detection systems can be overwhelming. Alert aggregation and alert correlation capabilities have the potential to reduce alert volume and improve detection performance. In this paper, an approach to correlating intrusion alerts based on association rule mining is proposed, which can effectively reduce repeated alerts and thereby reduce the false alarm rate.
\itemrv{~}
\itemcc{}
\itemut{intrusion detection; alert aggregation; alarm correlation; association rule mining}
\itemli{doi:10.1007/978-3-642-23971-7\_44}
\end