Data reduction in intrusion alert correlation

WSEAS Transactions on Computers

Volumn 5, Issue 1, 2006, Pages 186-193

  Tedesco, Gianni ^a   Aickelin, Uwe ^a  

^a UNIVERSITY OF NOTTINGHAM   (United Kingdom)

Author keywords

Alert correlation; Attack graphs; Denial of service attacks; Intrusion detection systems; Token bucket filter

Indexed keywords

CORRELATION METHODS; DATA REDUCTION; GRAPH THEORY; MATHEMATICAL MODELS; NETWORK PROTOCOLS; SENSOR DATA FUSION; TELECOMMUNICATION TRAFFIC;

ATTACK GRAPHS; DENIAL OF SERVICE ATTACKS; INTRUSION ALERT CORRELATION; INTRUSION DETECTION SYSTEMS; NETWORK INTRUSION DETECTION SENSORS; TOKEN BUCKET FILTER;

SECURITY OF DATA;

EID: 30644478743     PISSN: 11092750     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Article

References (19)

1. ZDNet UK News. http://news.zdnet.co.uk/internet/security/ 0,39020375,2085099,00.htm
2. G. Coretex. "Fun With Packets: Designing a Stick." Endeavor Systems Inc., 2002.
3. T. H. Ptacek and N. N. Newsham. "Insertion, Evasion and Denial of Service: Eluding Network Intrusion Detection." Secure Networks Inc., 1998.
4. Xinzhou Qin. Wenke Lee. "Attack Plan Recognition and Prediction Using Causal Networks". Proceedings of Annual Computer Security Applications Conference, 2004.
5. Peng Ning. Yen Cui, and Douglas S Reeves. "Constructing Attack Scenarios through Correlation of Intrusion Alerts." Proceedings of the 9th ACM Conference on Computer & Communications Security. 2002. pp. 245-254.
6. Peng Ning, Dingbang X, Christopher G. Healey, Robert and St. Amant. "Building Attack Scenarios through Integration of Complementary Alert Methods." Proceedings of the 11th Annual Network and Distributed System Security Symposium, 2004, pp. 97-111.
7. Oleg Sheyner, Joshua Haines and Somesh Jha. "Automated Generation and Analysis of Attack Graphs." Proceedings of the IEEE Symposium on Security and Privac,. 2002. pp. 273.
8. "The Science of Intrusion Detection System Attack Identification." Cisco Systems.2002, http://www.cisco.com/warp/ public/cc/pd/sqsw/sqidsz/prodlit/idssa_wp.htm
9. Sniph. "snot". 2001.
10. Marty Roesch. "Snort - Lightweight Intrusion Detection for Networks". USENIX 13th Systems Administration Conference, 1999.
11. G. Woodruff, R. Rogers and P. Richards. "A congestion control framework for high-speed integrated packetized transport." IEEE Globecomm, 88. 19988.
12. R. Wade, M. Kara and P.M. Dew. "Study of a Transport Protocol Employing Bottleneck Probing and Token Bucket Flow Control." Fifth IEEE Symposium on Computers and Communications, 2002.
13. J. Turner. "New directions in communications (or which way to the information age?)" IEEE Communications Magazine, Vol.24, No.10, pp. 8-15.
14. Lingyu Wang, Anyi Liu and Sushil Jajoda. "An Efficient Unified Approach to Correlating Hypothesising, and Predicting Intrusion Alerts." Proceedings of European Symposium on Computer Security, 2005. pp. 247-266.
15. Sushil Jajodia, Steve Noel and Brian O'Berry. "Topological analysis of network attack vulnerability." Managing Cyber Threats: Issues, Approaches and Challenges, 2005. Springer. pp. 248-266.
16. Martin Devera. "Hierarchical token bucket theory." 2002. http://luxik.cdi.cz/~devik/qos/htb/manual/theory.htm
17. Gianni Tedesco. 2005. Firestorm IDS. http://www.scaramanga.co.uk/ firestorm/
18. Leres Van Jacobson, Craig McCanne and Steven McCanne. "tcpdump". Lawrence Berkeley National Laboratory.
19. Shmoo Group. "CCTF Defcon Data". 2001. http://www.shmoo.com/ cctf/