Correlated Alerts and Non-Intrusive Alerts
Because complete prevention of computer attacks is not possible, intrusion detection systems (IDSs) play a very important role in minimizing the damage caused by different computer attacks. There are two intrusion detection methods: misuse-based and anomaly-based. The paper highlights and reviews the main challenges in current research, in particular alert correlation algorithms. Using a collaborative intrusion detection system (CIDS) together with multiple other security systems raises certain issues and challenges in alert correlation. Different techniques for alert correlation are discussed, with a focus on the correlation of CIDS alerts. Computational intelligence approaches, together with their applications to IDSs, are reviewed. In conclusion, the paper highlights opportunities for an integrated solution to large-scale alert correlation.