Real-time alert correlation with type graphs

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5352 LNCS, Issue , 2008, Pages 173-187

  Tedesco, Gianni ^a   Aickelin, Uwe ^a  

^a UNIVERSITY OF NOTTINGHAM   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER CRIME; INFORMATION SYSTEMS; SECURITY OF DATA;

ABSTRACT MODELING; ATTACK GRAPHS; ATTACK MODELS; GRAPH ALGORITHMS; INTRUSION DETECTION SYSTEM (NIDS); VULNERABILITY ASSESSMENTS;

INTRUSION DETECTION;

EID: 58449084939     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-89862-7_16     Document Type: Conference Paper

References (15)

1. Bayer, R.: Symmetric Binary B-Tees: Data structure and maintenance algorithms. Acta Inf. 1, 290-306 (1972)
2. Xu, D., Ning, P.: Alert Correlation through Triggering Events and Common Resources. In: Proc. 20th Annual Computer Security Applications Conference (2004)
3. Tedesco, G.: A'I'G correlator source code and documentation (2008), http://www.scaraman.ga.co.uk/atg/
4. Tedesco, G., Twycross, J., Aickelin, U,: Integrating innate and adaptive immunity for intrusion detection. In: Proc. International Conference on Artificial Immune Systems (2006)
5. Swiler, L.P., Phillips, C, Ellis, D., Chakerian, S.: Computer Attack Graph Generation Tool. In: Proc. DARPA Information Survivability Conference & Exposition II (2000)
6. Wang, L., Liu, A., Jajodia, S.: An Efficient, Unified Approach to Correlating, Hypothesizing, and Predicting Intrusion Alerts. In: Proc. European Symposium on Computer Security (2005)
7. Ning, P., Xu, D.: Adapting Query Optimization Techniques for Efficient Intrusion Alert Correlation. Technical Report TR-2002-14 NCSU Dept. of Computer-Science (2002)
8. Ning, P., Xu, D.: Hypothesizing and Reasoning about Attacks Missed by Intrusion Detection Systems. ACM Transactions on Information and System Security 7(4), 591-627 (2004)
9. Ning, P., Cui, Y., Reeves, D.S.: Analyzing Intensive Intrusion Alerts Via Correlation. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol. 2516. Springer, Heidelberg (2002)
10. Ning, P., Cui, Y., Reeves, D.S.: Constructing Attack Scenarios through Correlation of Intrusion Alerts. In: Proc. 9th ACM Conference on Computer & Communications Security, pp. 245-254 (2002)
11. Ning, P., Xu, D., Healy, C.G., Amant, R.S.: Building Attack Scenarios through Integration of Complementary Alert Correlation Methods. In: Proc. 11th Annual Network and Distributed System Security Symposium, pp. 97-111 (2004)
12. Deraison, R.: Nessus automated vulenrability scanner (2008), http://www.nessus.org/
13. Templeton, S.J., Levitt, K.: Requires/Provides Model for Computer Attacks. In:Proc. Workshop on New Security Paradigms (2000)
14. Noel, S., Jajodia, S., O'Berry, B.: Topological Analysis of Network Vulnerability. In: Managing Cyber Threats: Issues Approaches and Challenges (2005)
15. Zhai, Y., Ning, P., Iyer, P., Reeves, D.S.: Reasoning about Complementary Intrusion Evidence. In: Proc. 20th Annual Computer Security Applications Conference (2004)