Finding corrupted computers using imperfect intrusion prevention system event data

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5219 LNCS, Issue , 2008, Pages 221-234

  Chrun, Danielle ^a   Cukier, Michel ^a   Sneeringer, Gerry ^b  

^a UNIVERSITY OF MARYLAND   (United States)

^b UNIVERSITY OF MARYLAND   (United States)

Author keywords

Empirical study; Intrusion prevention systems; Security metrics

Indexed keywords

EMPIRICAL DATUMS; EMPIRICAL STUDY; EXTERNAL-; FALSE NEGATIVES; INTRUSION PREVENTION SYSTEMS; LARGE ORGANIZATIONS; MALICIOUS ACTIVITIES; MONITORING DEVICES; ONE HANDS; SECURITY EXPERTS; SECURITY METRICS; TRUE POSITIVES;

INTRUSION DETECTION; LAUNCHING; RELIABILITY; SOCIETIES AND INSTITUTIONS;

COMPUTER SYSTEMS;

EID: 56449101271     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-87698-4_20     Document Type: Conference Paper

References (16)

1. Bailey, M., Cooke, E., Jahanian, F., Provos, N., Rosaen, K., Watson, D.: Data Reduction for the Scalable Automated Analysis of Distributed Darknet Traffic. In: Proceedings of the USENIX/ACM Internet Measurement Conference, New Orleans (2005)
2. Sung, M., Haas, M., Xu, J.: Analysis of DoS attack traffic data. In: 2002 FIRST Conference, Hawaii (2002)
3. Viinikka, J., Debar, H., Mé, L., Séguier, R.: Time series modeling for IDS alert management. In: Proceedings of the 2006 ACM Symposium on Information, computer and communications security, pp. 102-113. ACM Press, New York (2006)
4. Clifton, C., Gengo, G.: Developing custom intrusion detection filters using data mining. In: MILCOM 2000. 21st Century Military Communications Conference Proceedings, vol. 1 (2000)
5. Cuppens, F.: Managing alerts in a multi-intrusion detection environment. In: Proceedings of the 17th Annual Computer Security Applications Conference, vol. 32. IEEE Computer Society, Los Alamitos (2001)
6. Cuppens, F., Miege, A.: Alert correlation in a cooperative intrusion detection framework. In: IEEE Symposium on Security and Privacy, pp. 202-215 (2002)
7. Julisch, K.: Mining Alarm Clusters to Improve Alarm Handling Efficiency. In: Proceedings of the 17th Annual Computer Security Applications Conference (ACSAC), pp. 12-21 (2001)
8. Julisch, K.: Data mining for Intrusion Detection. Applications of Data Mining in Computer Security. Kluwer Academic Publishers, Dordrecht (2002)
9. Julisch, K., Dacier, M.: Mining intrusion detection alarms for actionable knowledge. In: Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining, pp. 366-375. ACM Press, New York (2002)
10. Manganaris, S., Christensen, M., Zerkle, D., Hermiz, K.: A data mining analysis of RTID alarms. Computer Networks 34(4), 571-577 (2000)
11. Pietraszek, T.: Using Adaptive Alert Classification to Reduce False Positives in Intrusion Detection. In: Recent Advances In Intrusion Detection: 7th International Symposium. Springer, Heidelberg (2004)
12. Debar, H., Wespi, A.: Aggregation and correlation of intrusion-detection alerts. Recent Advances in Intrusion Detection. Springer, Heidelberg (2001)
13. Morin, B., Me, L., Debar, H., Ducasse, M.: M2D2: A Formal Data Model for IDS Alert Correlation. In: Recent Advances in Intrusion Detection: 5th Internatonal Symposium. Springer, Heidelberg (2002)
14. Ning, P., Xu, D., Healey, C., Amant, R.S.: Building attack scenarios through integration of complementary alert correlation methods. In: Proceedings of the 11th Annual Network and Distributed System Security Symposium, pp. 97-111 (2004)
15. Valdes, A., Skinner, K.: Probabilistic Alert Correlation. In: Proceedings of the Fourth International Workshop on the Recent Advances in Intrusion Detection (2001)
16. Valeur, F., Vigna, G., Kruegel, C., Kemmerer, R.: Comprehensive approach to intrusion detection alert correlation. IEEE Transactions on Dependable and Secure Computing 1(3), 146-169 (2004)