Decentralized Event Correlation for Intrusion Detection

2002 ◽  
pp. 114-131 ◽  
Author(s):  
Christopher Krügel ◽  
Thomas Toth ◽  
Clemens Kerer
Keyword(s):  
Intrusion Detection ◽  
Event Correlation

scholarly journals INFORMATION SECURITY EVENT CORRELATION ALGORITHMS

2020 ◽  
Vol 61 (3) ◽  
pp. 50-59
Author(s):  
Anton D. Moskvichev ◽  
◽  
Mikhail V. Dolgachev ◽  
Keyword(s):  
Information Security ◽  
Intrusion Detection ◽  
High Accuracy ◽  
Intrusion Detection Systems ◽  
Event Correlation ◽  
Detection Systems ◽  
Advantages And Disadvantages ◽  
Security Event ◽  
Correlation System ◽  
High Level

An event correlation system is a system that receives events from various intrusion detection systems, reduces the number of false events, detects high-level attacks, raises the value of incidents, predicts future attacks, and detects sources of attacks. Many algorithms have their advantages and disadvantages. This article provides an overview of existing event correlation algorithms. The material presented in the article is focused on the algorithms used in correlation mechanisms. The authors of the article introduce functions related to accuracy, functionality and computational capabilities, and compare the categories of algorithms using these functions. The result of this review shows that each category of algorithms has its own strengths, and ideal event correlation systems should have the strengths of each of the categories. In conclusion, the authors of the article conclude that these algorithms are effective and can be used as a correlator module in systems of the SIEM class. Based on the results, the authors make a choice in favor of knowledge base algorithms because of their high accuracy, which is a prerequisite for the application of the algorithm in the field of information security, and low resource consumption.

Security of Cyber-Physical Systems: A Generalized Algorithm for Intrusion Detection and Determining Security Robustness of Cyber Physical Systems using Logical Truth Tables

2013 ◽  
Vol 9 ◽  
Author(s):  
Curtis G. Northcutt
Keyword(s):  
Intrusion Detection ◽  
Cyber Security ◽  
Logical Truth ◽  
Cyber Physical Systems ◽  
Security Model ◽  
Security Measures ◽  
Physical Systems ◽  
Multiple Signal ◽  
Security Attack ◽  
Truth Tables

The recent proliferation of embedded cyber components in modern physical systems [1] has generated a variety of new security risks which threaten not only cyberspace, but our physical environment as well. Whereas earlier security threats resided primarily in cyberspace, the increasing marriage of digital technology with mechanical systems in cyber-physical systems (CPS), suggests the need for more advanced generalized CPS security measures. To address this problem, in this paper we consider the first step toward an improved security model: detecting the security attack. Using logical truth tables, we have developed a generalized algorithm for intrusion detection in CPS for systems which can be defined over discrete set of valued states. Additionally, a robustness algorithm is given which determines the level of security of a discrete-valued CPS against varying combinations of multiple signal alterations. These algorithms, when coupled with encryption keys which disallow multiple signal alteration, provide for a generalized security methodology for both cyber-security and cyber-physical systems.

Sign in / Sign up

Export Citation Format

Share Document