loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Salem Benferhat and Karima Sedki

Affiliation: CRIL-CNRS UMR-8188, Universit d’Artois, France

Keyword(s): Alert correlation, preferences logic, administrator’s preferences and knowledge.

Related Ontology Subjects/Areas/Topics: Information and Systems Security ; Intrusion Detection & Prevention

Abstract: Intrusion detection systems (IDSs) are important tools for infortation systems security. However, they generate a large number of alerts which complicate the task of network administrator to understand these triggered alerts and take appropriate actions. In this paper, we present a logic-based approach to alert correlation. This logic allows to integrate administrator’s preferences and knowledge. Our logic, called Extended Qualitative Choice Logic (E Q C L ), is an extension of a fragment of first order logic. It adds a new connector, denoted →X that allows to represent administrator preferences. The objective of our logic-based alert correlation approach is to rank-order alerts generated by IDS on the basis of administrator preferences and knowledge. Only alerts that fully fit administrator’s preferences and knowledge are first presented. Then if needed, less preferred alerts (which falsify less important preferences) will be presented, and so on.

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 3.147.89.50

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Benferhat, S. and Sedki, K. (2008). ALERT CORRELATION BASED ON A LOGICAL HANDLING OF ADMINISTRATOR PREFERENCES AND KNOWLEDGE. In Proceedings of the International Conference on Security and Cryptography (ICETE 2008) - SECRYPT; ISBN 978-989-8111-59-3; ISSN 2184-3236, SciTePress, pages 50-56. DOI: 10.5220/0001924000500056

@conference{secrypt08,
author={Salem Benferhat. and Karima Sedki.},
title={ALERT CORRELATION BASED ON A LOGICAL HANDLING OF ADMINISTRATOR PREFERENCES AND KNOWLEDGE},
booktitle={Proceedings of the International Conference on Security and Cryptography (ICETE 2008) - SECRYPT},
year={2008},
pages={50-56},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001924000500056},
isbn={978-989-8111-59-3},
issn={2184-3236},
}

TY - CONF

JO - Proceedings of the International Conference on Security and Cryptography (ICETE 2008) - SECRYPT
TI - ALERT CORRELATION BASED ON A LOGICAL HANDLING OF ADMINISTRATOR PREFERENCES AND KNOWLEDGE
SN - 978-989-8111-59-3
IS - 2184-3236
AU - Benferhat, S.
AU - Sedki, K.
PY - 2008
SP - 50
EP - 56
DO - 10.5220/0001924000500056
PB - SciTePress

- Science and Technology Publications, Lda.
RESOURCES

Proceedings

Papers

Authors

Ontology

CONTACTS

Science and Technology Publications, Lda
Avenida de S. Francisco Xavier, Lote 7 Cv. C,
2900-616 Setúbal, Portugal.

Phone: +351 265 520 185 (National fixed network call)
Fax: +351 265 520 186
Email: info@scitepress.org

EXTERNAL LINKS

PRIMORIS

INSTICC

SCITEVENTS

CROSSREF

PROCEEDINGS SUBMITTED FOR INDEXATION BY:

dblp

Ei Compendex

SCOPUS

Semantic Scholar

Google Scholar

Microsoft Academic