Multistep attacks, that involve multiple correlated intrusion activities to reach the intended target, are common in the current cybersecurity landscape. On the other hand, modern Network Intrusion Detection Systems (NIDS) are still designed to generate alerts related to single attacks, with no or minimal correlations between dierent security alerts. Hence the burden of correlating security alerts and reconstructing complete attack scenarios is entirely placed on system administrators.
This project aims to solve this issue by applying novel correlation techniques to security alerts generated by Intrusion Detection Systems.
|Master Thesis by Fabio Manganiello "Machine learning algorithms for clustering and correlating security alerts in intrusion detection systems"||1.32 MB|