CIVILICA We Respect the Science
(Specialized publisher of the country's conferences / publishing license number from the Ministry of Culture and Islamic Guidance: 8971)

An Iterative Alert Correlation Method for Extracting Network Intrusion Scenarios

Paper title: An Iterative Alert Correlation Method for Extracting Network Intrusion Scenarios
National paper ID: ICEE20_285
Published in the 20th Iranian Conference on Electrical Engineering, 1391
Authors:

Reza Anbarestani - University, Qazvin Branch
Behzad Akbari - Modares University, Tehran
Fariba Fathi - University, Qazvin Branch

Abstract:
Alert correlation aims to provide an abstract, high-level view of the security state of an environment, since attack strategies can be extracted from raw intrusion alerts. Most existing alert correlation approaches depend on either expert knowledge or predefined patterns for detecting complex attack steps. In this paper we propose a Bayesian-network-based alert correlation approach that is able to discover attack strategies without the need for expert knowledge. The main goal of this work is extracting attack scenarios while taking into account the sequence of actions. We also try to eliminate redundant relationships in a detected attack scenario. Experimental evaluation on the well-known DARPA 2000 data set shows the efficiency of the proposed approach in extracting intrusion scenarios.

Keywords:
Alert Correlation, Intrusion Detection, Bayesian Networks, Network Security

Paper page and full-text download: https://civilica.com/doc/154498/