Alert correlation through triggering events and common resources

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn , Issue , 2004, Pages 360-369

  Xu, Dingbang ^a   Ning, Peng ^a  

^a North Carolina State University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CLUSTERING; COMMON RESOURCES; LOW-SEVERITY ALERTS; NETWORK TRAFFIC;

COMPUTER CRIME; COMPUTER VIRUSES; CONGESTION CONTROL (COMMUNICATION); PROBLEM SOLVING; SECURITY OF DATA; SECURITY SYSTEMS; SERVERS; SOCIETIES AND INSTITUTIONS;

NEURAL NETWORKS;

EID: 21644452488     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSAC.2004.5     Document Type: Conference Paper

References (24)

1. AT & T Research Labs. Graphviz - open source graph layout and drawing software, http://www.research.att.com/sw/tools/graphviz/.
2. F. Cuppens. Managing alerts in a multi-intrusion detection environment. In Proceedings of the 17th Annual Computer Security Applications Conference, December 2001.
3. F. Cuppens and A. Miege. Alert correlation in a cooperative intrusion detection framework. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, May 2002.
4. D. Curry and H. Debar. Intrusion detection message exchange format data model and extensible markup language (xml) document type definition. Internet Draft, draft-ietf-idwg-idmef-xml-03.txt, Feb. 2001.
5. DARPA Cyber Panel Program. DARPA cyber panel program grand challenge problem. http://www.grandchallengeproblem.net/, 2003.
6. H. Debar and A. Wespi. Aggregation and correlation of intrusion-detection alerts. In Recent Advances in Intrusion Detection, LNCS 2212, pages 85 - 103, 2001.
7. J. Haines, D. Ryder, L. Tinnel, and S. Taylor. Validation of sensor alert correlators. IEEE Security & Privacy Magazine, 1(1):46-56, 2003.
8. J. Man and M. Kamber. Data Mining: Concepts and Techniques. Morgan Kaufmann Publishers, 2001.
9. Internet Security Systems. RealSecure intrusion detection system.http://www.iss.net.
10. Internet Security Systems, Inc. REALSECURE signatures reference guide, http://www.iss.net/.
11. H. S. Javitz and A. Valdes. The NIDES statistical component: Description and justification. Technical report, SRI International, Mar. 1994.
12. K. Julisch. Clustering intrusion detection alarms to support root cause analysis. ACM Transactions on Information and System Security, 6(4):443-471, Nov 2003.
13. B. Morin and H. Debar. Correlation of intrusion symptoms: an application of chronicles. In Proceedings of the 6th International Conference on Recent Advances in Intrusion Detection (RAID'03), September 2003.
14. B. Morin, L. Me, H. Debar, and M. Ducassé. M2D2: A formal data model for IDS alert correlation. In Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID 2002), pages 115-137, 2002.
15. P. Ning, Y. Cui, and D. S. Reeves. Constructing attack scenarios through correlation of intrusion alerts. In Proceedings of the 9th ACM Conference on Computer and Communications Security, pages 245-254, Washington, D.C., November 2002.
16. P. Porras, M. Fong, and A. Valdes. A mission-impact-based approach to INFOSEC alarm correlation. In Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID 2002), pages 95-114, 2002.
17. M. Roesch. Snort - lightweight intrusion detection for networks. In Proceedings of the 1999 USENIX LISA conference, 1999.
18. S. Staniford, J. Hoagland, and J. McAlerney. Practical automated detection of stealthy portscans. Journal of Computer Security, 10(1/2):105-136, 2002.
19. Symantec Corporation. Symantec's norton antivirus, http://www.Symantec.com.
20. S. Templeton and K. Levitt. A requires/provides model for computer attacks. In Proceedings of New Security Paradigms Workshop, pages 31-38. ACM Press, September 2000.
21. Tripwire, Inc. Tripwire changing monitoring and reporting solutions, http://www.tripwire.com.
22. A. Valdes and K. Skinner. Probabilistic alert correlation. In Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection (RAID 2001), pages 54-68, 2001.
23. V. Yegneswaran, P. Barford, and S. Jha. Global intrusion detection in the domino overlay system. In Proceedings of the 11th Annual Network and Distributed System Security Symposium (NDSS'04), February 2004.
24. Zone Labs. Zonealarm pro. http://www.zonelabs.com.