A flexible approach to intrusion alert anonymization and correlation

2006 Securecomm and Workshops

Volumn , Issue , 2006, Pages

  Xu, Dingbang ^a   Ning, Peng ^a  

^a North Carolina State University

Author keywords

[No Author keywords available]

Indexed keywords

ALERT CORRELATIONS; ALERT DATA; ALERT SETS; ANONYMIZATION; ATTACK SCENARIOS; ATTRIBUTE VALUES; CONCEPT HIERARCHIES; CORRELATION ANALYSIS; DATA SETS; DATA SHARING; PRIVACY CONCERNS; PRIVACY PROTECTION; RANDOM VALUES; SECURITY RESEARCH; SENSITIVE DATA;

CORRELATION METHODS;

EID: 50049118707     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SECCOMW.2006.359544     Document Type: Conference Paper

References (19)

1. N. Adam and J. Wortmann. Security-control methods for statistical databases: A comparison study. ACM Computing Surveys, 21(4):515-556, 1989.
2. R. Agrawal and R. Srikant. Privacy-preserving data mining. In Proceedings of the 2000 ACM SIGMOD International Conference on Management of Data, May 2000.
3. T. Cover and J. Thomas. Elements of Information Theory. John Wiley & Sons, Inc., 1991.
4. F. Cuppens and A. Miege. Alert correlation in a cooperative intrusion detection framework. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, May 2002.
5. H. Debar and A. Wespi. Aggregation and correlation of intrusion-detection alerts. In Recent Advances in Intrusion Detection, LNCS 2212, pages 85-103, 2001.
6. A. Evfimievski, J. Gehrke, and R. Srikant. Limiting privacy breaches in privacy preserving data mining. In Proceedings of the 22th ACM SIGACT-SIGMOD-SIGART Symposium on Principles of Database Systems, June 2003.
7. J. Han and M. Kamber. Data Mining: Concepts and Techniques. Morgan Kaufmann Publishers, 2001.
8. K. Julisch. Clustering intrusion detection alarms to support root cause analysis. ACM Transactions on Information and System Security, 6(4):443-471, Nov 2003.
9. P. Lincoln, P. Porras, and V. Shmatikov. Privacy-preserving sharing and correlation of security alerts. In Proceedings of 13th USENIX Security Symposium, August 2004.
10. MIT Lincoln Lab. 2000 DARPA intrusion detection scenario specific datasets. http://www.ll.mit.edu/IST/ ideval/data/2000/2000_data_index.html, 2000.
11. B. Morin and H. Debar. Correlation of intrusion symptoms: an application of chronicles. In Prceedings of the 6th International Conference on Recent Advances in Intrusion Detection (RAID '03), September 2003.
12. P. Ning, Y. Cui, and D. S Reeves. Constructing attack scenarios through correlation of intrusion alerts. In Proceedings of the 9th ACM Conference on Computer and Communications Security, pages 245-254, Washington, D.C., November 2002.
13. P. Ning and D. Xu. Hypothesizing and reasoning about attacks missed by intrusion detection systems. ACM Transactions on Information and System Security, 7(4):591-627, November 2004.
14. P.A. Porras, M.W. Fong, and A. Valdes. A mission-impact-based approach to INFOSEC alarm correlation. In Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID 2002), pages 95-114, 2002.
15. S. Reiss. Practical data-swapping: The first steps. ACM Transactions on Database Systems, 9(l):20-37, March 1984.
16. P. Samarati and L. Sweeney. Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression. Technical Report SRI-CSL-98-04, Computer Science Laboratory, SRI International, 1998.
17. S. Stamford, J.A. Hoagland, and J.M. McAlerney. Practical automated detection of stealthy portscans. Journal of Computer Security, 10(1/2): 105-136, 2002.
18. A. Valdes and K. Skinner. Probabilistic alert correlation. In Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection (RAID 2001), pages 54-68, 2001.
19. D. Xu and P. Ning. Privacy-preserving alert correlation: A concept hierarchy based approach. In Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC '05), December 2005.