Privacy-preserving alert correlation: A concept hierarchy based approach

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn 2005, Issue , 2005, Pages 537-546

  Xu, Dingbang ^a   Ning, Peng ^a  

^a North Carolina State University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

BUILDING ATTACKS; INTRUSION ANALYSIS; PRIVACY PRESERVING ALERT CORRELATION; SANITIZATION PROCESSES;

COMPUTER CRIME; ENTROPY; HIERARCHICAL SYSTEMS; SECURITY OF DATA; SEMANTICS;

DATA PRIVACY;

EID: 33746644985     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSAC.2005.45     Document Type: Conference Paper

References (20)

1. N. Adam and J. Wortmann. Security-control methods for statistical databases: A comparison study. ACM Computing Surveys, 21 (4):515-556, 1989.
2. R. Agrawal and R. Srikant. Privacy-preserving data mining. In Proceedings of the 2000 ACM SIGMOD International Conference on Management of Data, May 2000.
3. T. Cover and J. Thomas. Elements of Information Theory. John Wiley & Sons, Inc., 1991.
4. F. Cuppens and A. Miege. Alert correlation in a cooperative intrusion detection framework. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, May 2002.
5. H. Debar and A. Wespi. Aggregation and correlation of intrusion-detection alerts. In Recent Advances in Intrusion Detection, LNCS 2212, pages 85-103, 2001.
6. C. Liew, U. Choi, and C. Liew. A data distortion by probability distribution. ACM Transactions on Database Systems, 10(3):395-411, September 1985.
7. P. Lincoln, P. Porras, and V. Shmatikov. Privacy-preserving sharing and correlation of security alerts. In Proceedings of 13th USENIX Security Symposium, August 2004.
8. MIT Lincoln Lab. 2000 DARPA intrusion detection scenario specific datasets. http://www.ll.mit.edu/IST/ideval/data/2000/2000_data_index.html, 2000.
9. B. Morin and H. Debar. Correlation of intrusion symptoms: an application of chronicles. In Proceedings of the 6th International Conference on Recent Advances in Intrusion Detection (RAID'03), September 2003.
10. B. Morin, L. Me, H. Debar, and M. Ducassé. M2D2: A formal data model for IDS alert correlation. In Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID 2002), pages 115-137, 2002.
11. P. Ning, Y. Cui, and D. S. Reeves. Constructing attack scenarios through correlation of intrusion alerts. In Proceedings of the 9th ACM Conference on Computer and Communications Security, pages 245-254, Washington, D.C., November 2002.
12. P. Ning and D. Xu. Hypothesizing and reasoning about attacks missed by intrusion detection systems. ACM Transactions on Information and System Security, 7(4):591-627, November 2004.
13. P. Porras, M. Fong, and A. Valdes. A mission-impact-based approach to INFOSEC alarm correlation. In Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID 2002), pages 95-114, 2002.
14. S. Reiss. Practical data-swapping: The first steps. ACM Transactions on Database Systems, 9(1):20-37, March 1984.
15. P. Samarati and L. Sweeney. Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression. Technical Report SRI-CSL-98-04, Computer Science Laboratory, SRI International, 1998.
16. C. Shannon. A mathematical theory of communication. The Bell System Technical Journal, 21:319-423, 623-656, July 1948.
17. S. Staniford, J. Hoagland, and J. McAlerney. Practical automated detection of stealthy portscans. Journal of Computer Security, 10(1/2):105-136, 2002.
18. L. Sweeney. k-anonymity: A model for protecting privacy. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 10(5):557-570, October 2002.
19. A. Valdes and K. Skinner. Probabilistic alert correlation. In Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection (RAID 2001), pages 54-68, 2001.
20. V. Yegneswaran, P. Barford, and S. Jha. Global intrusion detection in the domino overlay system. In Proceedings of the 11th Annual Network and Distributed System Security Symposium (NDSS'04), February 2004.