Intrusion Alert Correlation based on D-S Evidence Theory


Current intrusion detection systems (IDSs) often trigger a large number of alerts, most of which are redundant alerts and false positives. Consequently, it is difficult for administrators to understand the alerts and take appropriate actions. Several alert correlation methods have been proposed. However, these methods don't consider the differences in…


5 Figures and Tables