Monitoring IDS background noise using EWMA control charts and alert information

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 3224, Issue , 2004, Pages 166-187

  Viinikka, Jouni ^a   Debar, Hervé ^a  

^a ORANGE LABS   (France)

Author keywords

Alert volume reduction; EWMA; Ids background noise

Indexed keywords

FLOWCHARTING; INTRUSION DETECTION; MERCURY (METAL); PATTERN MATCHING;

BACKGROUND NOISE; EWMA; EWMA CONTROL CHARTS; EXPONENTIALLY WEIGHTED MOVING AVERAGE CONTROL CHARTS; INTRUSION DETECTION SYSTEMS; MONITORED SYSTEMS; TIME-CONSUMING TASKS; VOLUME REDUCTIONS;

CONTROL CHARTS;

EID: 35048877559     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-30143-1_9     Document Type: Article

References (18)

1. James P. Anderson. Computer Security Threat Monitoring and Surveillance. Technical report, James P. Anderson Co., Fort Washington, Pa 19034, April 1980.
2. Klaus Julisch and Marc Dacier. Mining Intrusion Detection Alarms for Actionable Knowledge. In Proceedings of Knowledge Discovery in Data and Data Mining (SIGKDD), 2002.
3. P. A. Porras, M. W. Fong, and A. Valdes. A Mission-Impact-Based Approach to INFOSEC Alarm Correlation. In Wespi et al. [17], pages 95-114.
4. B. Morin and H. Debar. Correlation of Intrusion Symptoms: an Application of Chronicles. In Vigna et al. [18], pages 94-112.
5. H. Debar and B. Morin. Evaluation of the Diagnostic Capabilities of Commercial Intrusion Detection Systems. In Wespi et al. [17].
6. Klaus Julisch. Mining Alarm Clusters to Improve Alarm Handling Efficiency. In Proceedings of the 17th Annual Computer Security Applications Conference (ACSAC2001), December 2001.
7. Soon Tee Teoh, Kwan-Liu Ma, S. Felix Wu, and Xiaoliang Zhao. A Visual Technique for Internet Anomaly Detection. In Proceedings of IASTED Computer Graphics and Imaging. ACTA Press, 2002.
8. S. W. Roberts. Control Chart Tests Based On Geometric Moving Averages. Technometrics, 1(3):230-250, 1959.
9. Nong Ye, Sean Vilbert, and Qiang Chen. Computer Intrusion Detection Through EWMA for Autocorrelated and Uncorrelated Data. IEEE Transactions on Reliability, 52(1):75-82, March 2003.
10. Nong Ye, Connie Borror, and Yebin Chang. EWMA Techniques for Computer Intrusion Detection Through Anomalous Changes In Event Intensity. Quality and Reliability Engineering International, 18:443-451, 2002.
11. 2 Statistic and EWMA Control Chart. URL: http://arqos.csc.ncsu.edu/papers.htm, February 2002.
12. Peter Mell, Vincent Hu, Richard Lippman, Joss Haines, and Marc Zissman. An Overview of Issues in Testing Intrusion Detection Systems. NIST IR 7007, NIST CSRC - National Institute of Standards and Technology, Computer Security Resource Center, June 2003.
13. Hervé Debar, Marc Dacier, and Andreas Wespi. A Revised Taxonomy of Intrusion-Detection Systems. Technical Report RZ 3176 (#93222), IBM Research, Zurich, October 1999.
14. A. Valdes and K. Skinner. Probabilistic Alert Correlation. In Wenke Lee, Ludovic Mé, and Andreas Wespi, editors, Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection (RAID 2001), volume 2212 of Lecture Notes in Computer Science, Heidelberg, Germany, 2001. Springer-Verlag.
15. Xinzhou Qin and Wenke Lee. Statistical Causality Analysis of INFOSEC Alert Data. In Vigna et al. [18], pages 73-93.
16. Stefanos Manganaris, Marvin Christensen, Dan Zerkle, and Keith Hermiz. A Data Mining Analysis of RTID Alarms. 2nd International Symposium on Recent Advances in Intrusion Detection (RAID 1999), 1999. Available online: http://www.raid-symposium.org/raid99/PAPERS/Manganaris,pdf.
17. Andreas Wespi, Giovanni Vigna, and Luca Deri, editors. Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID 2002), volume 2516 of Lecture Notes in Computer Science, Heidelberg, Germany, 2002. Springer-Verlag.
18. Giovanni Vigna, Erland Jonsson, and Christopher Kruegel, editors. Proceedings of the 6th International Symposium on Recent Advances in Intrusion Detection (RAID 2003), volume 2820 of Lecture Notes in Computer Science, Heidelberg, Germany, 2003. Springer-Verlag.