Group Discussion thread - APA Format

nishithar39
PeerPosts.docx

Peer-1

Data correlation is something very important to identify threats and make plans for countering and preventing such incidents. Correlation is one of the most powerful analytic methods available for threat investigation. In today’s world, intrusion detection systems are only useful when the alarm streams that result from signature or profile-based processing can be correlated with data from other areas. Data comparison determines which is usual and which is unusual behavior. Data comparison, especially from different areas, develops a clearer picture of adversary activity.

Different varieties of commercial firewalls, including intrusion detection schemes, provide this capacity now, although the truth is that several system administrators do not obtain control of this variety of security. This is normally due to a loss of experience by the method, as well as a common need of local information about the emergence and entry traffic within the business gateway or edge. The systems that are being used these days by business organizations have become much smarter than the ones in the previous generation. However, this also means that the threats on the systems have become more powerful and risky. The techniques to deal with those threats have been discussed well in your post.

Domain-based correlation involves comparing data from one domain with data collected in an entirely different context. Relevant differences in the data collection environments include computing environment, software architecture, networking technology, application profiles, and type of business being supported. In this approach, data aggregated from multiple sources is correlated to identify patterns, trends, and relationships. Other static information about a firewall, such as its inbound and outbound policy, is also important for correlation. The problem is that it is not always easy to determine if something suspicious is truly malicious. Generally, correlation with other data is required to make this determination (Amoroso, 2010).

Peer-2

The modern phase of the system in day-to-day network protection correlation in enduring national infrastructure environments is based upon a system identified as threat management. The data aggregated from various sources are compared to recognize designs, courses, and links. The overall strategy relies on a safety data and event administration (SIEM) method toward the underlying models and collection of related data (Amoroso, 2012).

A SIEM rule does the most useful it can under terms of knowing correlation situations, utilizing the most suitable possible algorithms for profile, signature, domain, including time-based inquiry, directed to the sound limitations the initial feeds into a conventional commercially possible SIEM device for threat management remain placed in the case. The interaction among the different security tools in a local threat control method is sometimes sincere. If an intrusion detection method produces an alert indicating some sort of difficulty including a presented Internet protocol (IP) source address including similar target port, also if the local conditions also provide inbound traffic cover this target port, then the correlation method could make a suggestion that the local firewall check either this reference address instead this port (Brown, 2006).

Various commercial firewalls, including intrusion detection schemes, provide this capacity now, although the truth is that several system administrators do not obtain control of this variety of security. This is normally due to a loss of experience by the method, as well as a common need of local information about the emergence and entry traffic within a business gateway or edge.
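
The IDS-alert-to-firewall correlation that Peer-2 describes, as an added example that is not part of the original posts: alerts are kept only when the local inbound policy actually admits that source and target port, and a block suggestion is produced for the source address or the port. The sample alerts, the policy, the first-match/default-deny rule model and the `port_threshold` heuristic are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample data (not from the original posts).
# Firewall inbound policy: first matching rule wins, default deny.
INBOUND_POLICY = [
    {"src": "0.0.0.0/0", "port": 443, "action": "allow"},
    {"src": "10.0.0.0/8", "port": 22, "action": "allow"},
    {"src": "0.0.0.0/0", "port": 3389, "action": "allow"},
]
# IDS alerts: (source IP, target port, signature name).
IDS_ALERTS = [
    ("203.0.113.7", 3389, "rdp-bruteforce"),
    ("203.0.113.7", 3389, "rdp-bruteforce"),
    ("198.51.100.20", 22, "ssh-scan"),
    ("198.51.100.21", 443, "tls-anomaly"),
    ("198.51.100.22", 443, "tls-anomaly"),
    ("198.51.100.23", 443, "tls-anomaly"),
]

def inbound_allowed(src, port, policy):
    """Return True if the first matching inbound rule allows src -> port."""
    for rule in policy:
        if rule["port"] == port and ip_address(src) in ip_network(rule["src"]):
            return rule["action"] == "allow"
    return False  # default deny: the firewall already stops this traffic

def correlate(alerts, policy, port_threshold=3):
    """Suggest firewall changes for alerts whose traffic the policy admits."""
    sources_by_port = defaultdict(set)
    for src, port, _signature in alerts:
        if inbound_allowed(src, port, policy):
            sources_by_port[port].add(src)
    suggestions = []
    for port, sources in sorted(sources_by_port.items()):
        if len(sources) >= port_threshold:
            # Many distinct sources: blocking one address at a time will not help.
            suggestions.append(("block-port", port))
        else:
            suggestions.extend(("block-source", s, port) for s in sorted(sources))
    return suggestions

if __name__ == "__main__":
    for suggestion in correlate(IDS_ALERTS, INBOUND_POLICY):
        print(suggestion)
```

The SSH alert produces no suggestion because the policy only admits port 22 from 10.0.0.0/8, so the alerting source is already denied.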

Peer-3

Hi,

The field of medicine often requires drawing inferences regarding the association or relationship between two or more variables. In an earlier article on “Measures of Association” we introduced the concept of finding associations [relationships] between two variables that were binary and categorical in nature. 1 Therein, we explored several possible relationships between these binary variables and understood metrics such as absolute risk, relative risk and odds ratio. The end result of a correlation analysis is a Correlation coefficient whose values range from -1 to +1. A correlation coefficient of +1 indicates that the two variables are perfectly related in a positive [linear] manner, a correlation coefficient of -1 indicates that two variables are perfectly related in a negative [linear] manner, while a correlation coefficient of zero indicates that there is no linear relationship between the two variables being studied. The advantage of the scatter plot is that it is simple to construct, is non-mathematical in nature and is unaffected by any extreme values that may be present in the data set. It also tells us immediately if there are outliers or if the relationship is actually non-linear or not entirely linear. A line is usually drawn through the points on a scatter plot to identify linearity in the relationship. This line is called the regression line or the least squares line, because it is determined such that the sum of the squared distances of all the data points from the line is the lowest possible. This will be discussed in greater detail in the next article on regression analysis. The disadvantage of a scatter plot is that it does not give us one single value that will help us to understand whether or not there is a correlation between the variables being studied and hence we need to go a step ahead now to calculate a correlation coefficient.
A correlation coefficient is that single value or number which establishes a relationship between the two variables being studied. Two methods are used to calculate this value, viz. the Karl Pearson’s product moment correlation coefficient r or more simply Karl Pearson’s correlation coefficient r and the Spearman’s rank correlation coefficient rho (ρ) or Spearman’s rho (ρ) in short.
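
The two coefficients named in Peer-3's post, computed from scratch as an added example that is not part of the original post. The hourly counts are constructed sample data, chosen so the relationship is monotonic but not linear, which is where Pearson's r and Spearman's rho diverge.

```python
from math import sqrt

def pearson(x, y):
    """Karl Pearson's product-moment correlation coefficient r, in [-1, +1]."""
    n = len(x)
    if n != len(y) or n < 2:
        raise ValueError("need two equal-length series with at least 2 points")
    mx, my = sum(x) / n, sum(y) / n
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    if sxx == 0 or syy == 0:
        raise ValueError("correlation is undefined for a constant series")
    return sxy / sqrt(sxx * syy)

def ranks(values):
    """1-based ranks; tied values share the average of their positions."""
    order = sorted(range(len(values)), key=values.__getitem__)
    result = [0.0] * len(values)
    i = 0
    while i < len(order):
        j = i
        while j + 1 < len(order) and values[order[j + 1]] == values[order[i]]:
            j += 1
        average = (i + j) / 2 + 1
        for k in range(i, j + 1):
            result[order[k]] = average
        i = j + 1
    return result

def spearman(x, y):
    """Spearman's rho: Pearson's r applied to the ranks of each series."""
    return pearson(ranks(x), ranks(y))

# Constructed sample: firewall denies vs. IDS alerts per hour (monotonic, non-linear).
DENIES = [1, 2, 3, 4, 5, 6]
ALERTS = [2, 4, 8, 16, 32, 64]

if __name__ == "__main__":
    print(f"Pearson r    = {pearson(DENIES, ALERTS):.3f}")
    print(f"Spearman rho = {spearman(DENIES, ALERTS):.3f}")
```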