A survey on artificial intelligence techniques for security event correlation: models, challenges, and opportunities

D Levshun, I Kotenko - Artificial Intelligence Review, 2023 - Springer
Abstract: Information systems need to process a large amount of event monitoring data. The
process of finding the relationships between events is called correlation, which creates a …

Systematic literature review of security event correlation methods

I Kotenko, D Gaifulina, I Zelichenok - IEEE Access, 2022 - ieeexplore.ieee.org
Security event correlation approaches are necessary to detect and predict incremental
threats such as multi-step or targeted attacks (advanced persistent threats) and other causal …

Cyber-attack prediction based on network intrusion detection systems for alert correlation techniques: a survey

H Albasheer, M Md Siraj, A Mubarakali… - Sensors, 2022 - mdpi.com
Network Intrusion Detection Systems (NIDS) are designed to safeguard the security needs of
enterprise networks against cyber-attacks. However, NIDS networks suffer from several …

Acquiring cyber threat intelligence through security information correlation

G Settanni, Y Shovgenya, F Skopik… - 2017 3rd IEEE …, 2017 - ieeexplore.ieee.org
Cyber Physical Systems (CPS) operating in modern critical infrastructures (CIs) are
increasingly being targeted by highly sophisticated cyber attacks. Threat actors have quickly …

A comparative study of correlation engines for security event management

L Rosa, P Alves, T Cruz, P Simões… - Iccws 2015-The …, 2015 - books.google.com
SIEM (Software Information and Event Management) systems are becoming increasingly
commonplace in scenarios as diverse as ICT environments or Critical infrastructures …

A logic-based model to support alert correlation in intrusion detection

B Morin, L Mé, H Debar, M Ducassé - Information Fusion, 2009 - Elsevier
Managing and supervising security in large networks has become a challenging task, as
new threats and flaws are being discovered on a daily basis. This requires an in depth and …

RTECA: Real time episode correlation algorithm for multi-step attack scenarios detection

AA Ramaki, M Amini, RE Atani - Computers & Security, 2015 - Elsevier
Today, from information security perspective, prevention methods are not enough solely.
Early Warning Systems (EWSs) are in the category of reactive methods. These systems are …

KGBIAC: Knowledge graph based intelligent alert correlation framework

W Wang, R Jiang, Y Jia, A Li, Y Chen - … Symposium, CSS 2017, Xi'an China …, 2017 - Springer
Alert Correlation is a key part of intrusion detection technique. Traditional methods based on
the situation awareness techniques usually store the different dimensions of security …

New types of alert correlation for security information and event management systems

GG Granadillo, M El-Barbori… - 2016 8th IFIP international …, 2016 - ieeexplore.ieee.org
Current Security Information and Event Management systems (SIEMs) constitute the central
platform of modern security operations centers. They gather events from multiple sensors …

Intrusion alert prioritisation and attack detection using post-correlation analysis

R Shittu, A Healing, R Ghanea-Hercock… - Computers & …, 2015 - Elsevier
Event Correlation used to be a widely used technique for interpreting alert logs and
discovering network attacks. However, due to the scale and complexity of today's networks …