Real-time alert correlation with type graphs
The premise of automated alert correlation is to accept that false alerts from a low-level intrusion detection system are inevitable and use attack models to explain the output in an understandable way. Several algorithms exist for this purpose which use attack graphs to model the ways in which att...
| Main Authors: | , |
|---|---|
| Other Authors: | |
| Format: | Book Section |
| Published: | Springer 2008 |
| Online Access: | https://eprints.nottingham.ac.uk/1285/ |