Exploiting diversity and correlation to improve the performance of intrusion detection systems

2009 International Conference on Network and Service Security, N2S 2009

Volumn , Issue , 2009, Pages

  Coppolino, L ^a,b   D'Antonio, S ^a,b   Esposito, M ^a,c   Romano, L ^a,b,c  

^a UNIVERSITY OF NAPLES PARTHENOPE   (Italy)

^b Consorzio Interuniversitario Nazionale per l'Informatica ^*  (Italy)

^c CNR   (Italy)

Author keywords

Complex event processing; Information diversity; Intrusion detection; Log correlation

Indexed keywords

APPLICATION LEVEL; ARCHITECTURAL LEVELS; COMPLEX EVENT PROCESSING; COMPUTER SECURITY; FALSE POSITIVE; INFORMATION SOURCES; INTRUSION DETECTION SYSTEMS; KEY ISSUES; LOG CORRELATION; ONTOLOGY-BASED; SCALABLE SYSTEMS;

COMPUTER CRIME; CORRELATION METHODS; NETWORK SECURITY; ONTOLOGY;

INTRUSION DETECTION;

EID: 70449632946     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (16)

1. Hervé Debar, Marc Dacier, Andreas Wespi, Towards a taxonomy of intrusion-detection systems, Computer Networks: The International Journal of Computer and Telecommunications Networking, v. 31 n. 9, p. 805-822, April 23, 1999
2. Fisher and R. Gruber, "PADS: a domain-specific language for processing ad hoc data", in Proceedings of the ACM SIGPLAN 2005 Conference on Programming Language Design and Implementation, 2005.
3. Campanile, Ferdinando; Cilardo, Alessandro; Coppolino, Luigi; Romano, Luigi, "Adaptable Parsing of Real-Time Data Streams," Parallel, Distributed and Network-Based Processing, 2007. PDP '07. 15th EUROMICRO International Conference on, vol., no., pp. 412-418, 7-9 Feb. 2007
4. J. Moscola, Y. H. Cho, J. W. Lockwood, "Reconfigurable Context-Free Grammar based Data Processing Hardware with Error Recovery", in Proceedings of International Parallel & Distributed Processing Symposium (IPDPS/RAW), Rhodes Island, Greece, 2006.
5. Xambala, Using AnyContentTM Semantic Processing to provide a Better Regex Solution, 2005, http://www.xambala.com/ (last accessed 12/10/2008)
6. O. Dubuisson, ASN.1: Communication between heterogeneous systems, Morgan Kaufmann, 2001.
7. G. Back, "DataScript - A specification and scripting language for binary data", in Proceedings of Generative Programming and Component Engineering, vol. 2487. LNCS, pp. 66-77, 2002.
8. P. McCann and S. Chandra, "PacketTypes: Abstract specification of network protocol messages", in ACM Conference of Special Interest Group on Data Communications (SIGCOMM), pp. 321-333, 1998.
9. D. Carney, U. Çetintemel, A. Rasin, S. B. Zdonik, M. Cherniack, M. Stonebraker: Operator Scheduling in a Data Stream Manager. VLDB 2003: 838-849
10. S. Babu, J. Widom: StreaMon: An Adaptive Engine for Stream Query Processing. SIGMOD Conference 2004: 931-932
11. Hyo-Sang Lim, Jae-Gil Lee, Min-Jae Lee, Kyu-Young Whang, Il-Yeol Song: Continuous query processing in data streams using duality of data and queries. 313-324
12. The Borealis project, http://www.cs.brown.edu/research/borealis/public/ (last accessed 12/10/2008)
13. StreamBase Technical Documentation, available at http://www.streambase. com (last accessed 12/10/2008)
14. Coral 8, http://www.coral8.com/ (last accessed 12/10/2008)
15. Dingbang Xu and Peng Ning, "Correlation Analysis of Intrusion Alerts", Advances in Information Security, Intrusion Detection Systems, Springer US, Volume 38, pagg. 65-92, 2008
16. W. G. Halfond, J. Viegas, and A. Orso, A Classification of SQL-Injection Attacks and Countermeasures, in proc. of the International Symposium on Secure Software Engineering, pp. 795-798, Mar. 2006, ACM Press.