



Alert Correlation with Abstract Incident Modeling in a Multi-Sensor Environment


Ambareen Siraj, Rayford B. Vaughn


Vol. 7, No. 8, pp. 8-19


In response to the proliferation of attacks on enterprise systems, many practitioners deploy multiple, diverse sensors for increased information assurance, because no single sensor can detect all types of attacks. A multi-sensor environment is characterized by the deployment of a homogeneous and/or heterogeneous suite of sensors that monitor different entities in that environment. These sensors may follow different strategies depending on the model they use, the data source they monitor and the techniques they employ. The primary advantage of using multiple sensors is an improved detection rate and broader coverage within the system. In a multi-sensor environment, the sensors can collaborate with or complement each other to provide increased assurance of information. Although it makes good engineering sense to employ multiple sensors in a secure environment, managing the data these sensors produce is critically important. In this paper, we address the alert correlation aspect of sensor alert fusion in a multi-sensor environment. We describe the use of a causal knowledge-based inference technique with Fuzzy Cognitive Modeling to discover causal relationships in sensor data.
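The abstract names the technique but not the mechanics. The following is an added illustration, not code from the paper or its authors, of how a Fuzzy Cognitive Map (a signed, weighted causal digraph iterated through a squashing function, in the style of Kosko) can fuse alerts from a network sensor and a host sensor into a belief in an abstract incident concept. The concept set, the alert-to-concept mapping, the edge weights and the sample alert stream are all assumptions constructed for this example; the paper's actual model is not on this page.

```python
import math

# Sensor-driven ("evidence") concepts: (sensor, signature) -> (concept, alerts needed
# for full membership). Constructed for this example; not the paper's concept set.
SENSOR_CONCEPTS = {
    ("nids", "portscan"): ("nids_portscan", 5),
    ("nids", "exploit_attempt"): ("nids_exploit", 1),
    ("hids", "failed_login"): ("hids_failed_login", 10),
    ("hids", "new_privileged_process"): ("hids_priv_proc", 1),
}
# Inferred concepts: the abstract incident stages the map reasons about.
INFERRED = ["recon", "intrusion_attempt", "host_compromised"]
CONCEPTS = [c for c, _ in SENSOR_CONCEPTS.values()] + INFERRED

# Causal edges w[i -> j] in [-1, 1]. Assumed expert weights, not from the paper.
WEIGHTS = {
    ("nids_portscan", "recon"): 0.9,
    ("hids_failed_login", "intrusion_attempt"): 0.5,
    ("recon", "intrusion_attempt"): 0.4,
    ("nids_exploit", "intrusion_attempt"): 0.8,
    ("intrusion_attempt", "host_compromised"): 0.5,
    ("hids_priv_proc", "host_compromised"): 0.9,
}


def fuzzify(alerts, host):
    """Turn raw alerts about one host into evidence-concept activations in [0, 1]."""
    counts = {}
    for a in alerts:
        if a["host"] != host:
            continue
        hit = SENSOR_CONCEPTS.get((a["sensor"], a["signature"]))
        if hit:
            counts[hit[0]] = counts.get(hit[0], 0) + 1
    # Membership grows linearly with the alert count and saturates at 1.0.
    return {c: min(1.0, counts.get(c, 0) / sat) for c, sat in SENSOR_CONCEPTS.values()}


def fcm_infer(evidence, max_iter=100, eps=1e-6):
    """Iterate a_j <- tanh(sum_i a_i * w_ij) over the inferred concepts until the map settles.

    Evidence concepts stay clamped to their observed activation, so causality only
    propagates from the sensors toward the abstract incident concepts. tanh maps a
    zero input to exactly 0, so a host with no alerts keeps a zero belief.
    """
    state = {c: 0.0 for c in CONCEPTS}
    state.update(evidence)
    for _ in range(max_iter):
        nxt = dict(state)
        for j in INFERRED:
            total = sum(state[i] * w for (i, k), w in WEIGHTS.items() if k == j)
            nxt[j] = math.tanh(total)
        delta = max(abs(nxt[c] - state[c]) for c in INFERRED)
        state = nxt
        if delta < eps:
            break
    return state


def correlate(alerts):
    """Run the map once per host; return {host: activations} ordered by compromise belief."""
    hosts = sorted({a["host"] for a in alerts})
    results = {h: fcm_infer(fuzzify(alerts, h)) for h in hosts}
    return dict(sorted(results.items(), key=lambda kv: -kv[1]["host_compromised"]))


# Constructed alert stream: a network sensor and a host sensor watching two hosts.
SAMPLE_ALERTS = (
    [{"sensor": "nids", "signature": "portscan", "host": "10.0.0.5"}] * 5
    + [{"sensor": "nids", "signature": "exploit_attempt", "host": "10.0.0.5"},
       {"sensor": "hids", "signature": "new_privileged_process", "host": "10.0.0.5"}]
    + [{"sensor": "nids", "signature": "portscan", "host": "10.0.0.9"}] * 2
)

if __name__ == "__main__":
    for host, state in correlate(SAMPLE_ALERTS).items():
        print(host, {c: round(v, 3) for c, v in state.items() if c in INFERRED})
```

The point a practitioner should take from running this is the complementary-sensor effect the abstract alludes to: an exploit signature from the network sensor alone, or a new privileged process from the host sensor alone, each yields a moderate belief in `host_compromised`, while the two together drive the belief above either one, and a host that only attracted a couple of port-scan alerts stays near zero. Weights are the expert knowledge the map encodes; in practice they are the part to review and tune, not the iteration.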


Alert correlation, sensor alert fusion, fuzzy cognitive modeling, network security