hamid farhadi - department of information technology
rasool jalili - network security center sharif university of technology tehran
mohammad khansari - department of information technology

While intrusion detection systems IDSs are widely used , large number of alerts as well as high rate of false positive events make such a security mechanism insufficient , accordingly a track of recent security research, focused on alert correlation. this paper proposes a markov model MM based correlation method of intrusion alerts which have been fired from different IDS sensors across an enterprise.

Alert correlation, markov model , intrusion deterction, plan recognition.