This paper presents a new approach for the design of a correlation process to be used by intrusion detection systems to detect distributed attacks. The goal of this approach is to add more efficiency to the traditional correlation methods by considering two additional paradigms: similarity and distance approximation. It helps reducing the detection time and permits the security system to attempt detecting unknown attacks, in addition to the set of attacks predefined in ad hoc libraries.
展开▼