On the Use of Different Statistical Tests for Alert Correlation - Short Paper

Authors

Federico Maggi, Stefano Zanero

Venue

Proceedings of the 10th International Symposium on Recent Advances in Intrusion Detection (RAID), September 2007

Abstract

In this paper we analyze the use of different types of statistical tests for the correlation of anomaly detection alerts. We show that the Granger Causality Test, one of the few proposals that can be extended to the anomaly detection domain, strongly depends on good choices of a parameter which proves to be both sensitive and difficult to estimate. We propose a different approach based on a set of simpler statistical tests, and we prove that our criteria work well on a simplified correlation task, without requiring complex configuration parameters.

BibTeX

@inproceedings{Maggi2007On_the,
  title     = {{On the Use of Different Statistical Tests for Alert Correlation - Short Paper}},
  author    = {Maggi, Federico and Zanero, Stefano},
  booktitle = {Proceedings of the 10th International Symposium on Recent Advances in Intrusion Detection},
  series    = {RAID},
  month     = {September},
  year      = {2007},
  pages     = {167--177}
}