{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,6]],"date-time":"2025-08-06T13:53:30Z","timestamp":1754488410919},"reference-count":0,"publisher":"Sociedade Brasileira de Computa\u00e7\u00e3o","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"abstract":"<jats:p>To support information security, organizations deploy Intrusion Detection Systems (IDS) that monitor information systems and networks, generating alerts for every suspicious behavior. However, the huge amount of alerts that an IDS triggers and their low-level representation make the alerts analysis a challenging task. In this paper, we propose a new approach based on hierarchical clustering that supports intrusion alert analysis in two main steps. First, it correlates historical alerts to identify the most typical strategies attackers have used. Then, it associates upcoming alerts in real time according to the strategies discovered in the first step. The experiments were performed using a real data set from the University of Maryland. The results show that the proposed approach can provide useful information for security administrators and may reduce the time between a security event and the response.<\/jats:p>","DOI":"10.5753\/sbsi.2016.5977","type":"proceedings-article","created":{"date-parts":[[2019,12,23]],"date-time":"2019-12-23T14:25:57Z","timestamp":1577111157000},"source":"Crossref","is-referenced-by-count":5,"title":["Intrusion Alert Correlation to Support Security Management"],"prefix":"10.5753","author":[{"given":"Cl\u00e1udio Toshio","family":"Kawakani","sequence":"first","affiliation":[]},{"given":"Sylvio","family":"Barbon Junior","sequence":"first","affiliation":[]},{"given":"Rodrigo Sanches","family":"Miani","sequence":"first","affiliation":[]},{"given":"Michel","family":"Cukier","sequence":"first","affiliation":[]},{"given":"Bruno Bogaz","family":"Zarpel\u00e3o","sequence":"first","affiliation":[]}],"member":"3742","published-online":{"date-parts":[[2016,5,17]]},"event":{"name":"XII Simp\u00f3sio Brasileiro de Sistemas de Informa\u00e7\u00e3o","acronym":"SBSI 2016"},"container-title":["Anais do Simp\u00f3sio Brasileiro de Sistemas de Informa\u00e7\u00e3o (SBSI)"],"original-title":[],"link":[{"URL":"https:\/\/sol.sbc.org.br\/index.php\/sbsi\/article\/download\/5977\/5875","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/sol.sbc.org.br\/index.php\/sbsi\/article\/download\/5977\/5875","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,12,23]],"date-time":"2019-12-23T15:08:15Z","timestamp":1577113695000},"score":1,"resource":{"primary":{"URL":"https:\/\/sol.sbc.org.br\/index.php\/sbsi\/article\/view\/5977"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,5,17]]},"references-count":0,"URL":"https:\/\/doi.org\/10.5753\/sbsi.2016.5977","relation":{},"subject":[],"published":{"date-parts":[[2016,5,17]]}}}