In this paper, we study the problem of security alert correlation with an emphasis on attack scenario analysis.
In our framework, we use clustering techniques to process low-level alert data into high-level aggregated alerts, and conduct causal analysis based on ...
The results show that the approach can discover new patterns of attack relationships when the alerts of attacks are statistically correlated, ...
GCT can also result in false causality if two unrelated alerts happen to have a strong statistical pattern. Lee et al.
We use a Bayesian based alert correlation feature selection model to automatically extract information about causal relationships among alerts. Based on the ...
Statistical causality analysis of INFOSEC alert data. In Proceedings of the 6th International Symposium on Recent Advances in Intrusion Detection ...
In this paper we analyze the use of different types of statistical tests for the correlation of anomaly detection alerts. We show that the Granger Causality ...
This paper provides a survey of the state of the art in alert correlation techniques. Our main contribution is a two-fold classification of literature.