SCOPUS 정보 검색 플랫폼

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 6201 LNCS, Issue , 2010, Pages 153-172

An online adaptive approach to alert correlation

(3) Ren, Hanli a Stakhanova, Natalia a Ghorbani, Ali A a

a UNIVERSITY OF NEW BRUNSWICK (Canada)

Author keywords

alert correlation; Bayesian network

Indexed keywords

ADAPTIVE APPROACH; ALERT CORRELATION; ATTACK SCENARIOS; CAUSAL RELATIONSHIPS; DATA SETS; HONEYNET; INTRUSION ALERTS; INTRUSION DETECTION SYSTEMS; NETWORK ADMINISTRATOR; ON-THE-FLY; POTENTIAL STEPS; SYSTEM ADMINISTRATORS; TRAFFIC DATA; TWO STAGE;

BAYESIAN NETWORKS; COMPUTER CRIME; CORRELATION METHODS; DISTRIBUTED PARAMETER NETWORKS; INFERENCE ENGINES; INTELLIGENT NETWORKS;

INTRUSION DETECTION;

EID: 77955041904 PISSN: 03029743 EISSN: 16113349 Source Type: Book Series
DOI: 10.1007/978-3-642-14215-4_9 Document Type: Conference Paper

Times cited : (49)

References (26)

1
- 84947603083
- Probabilistic alert correlation
- Lee, W., Ḿe, L., Wespi, A. (eds.) RAID 2001. Springer, Heidelberg
- Valdes, A., Skinner, K.: Probabilistic alert correlation. In: Lee, W., Ḿe, L., Wespi, A. (eds.) RAID 2001. LNCS, vol.2212, pp. 54-68. Springer, Heidelberg (2001)
- (2001) LNCS , vol.2212 , pp. 54-68
- Valdes, A.¹ Skinner, K.²

2
- 0038011185
- Constructing attacks scenarios through correlation of intrusion alerts
- Ning, P., Cui, Y., Reeves, D.S.: Constructing attacks scenarios through correlation of intrusion alerts. In: Proceedings of the 9th ACM conference on Computer and communications security, pp. 245-254 (2002)
- (2002) Proceedings of the 9th ACM Conference on Computer and Communications Security , pp. 245-254
- Ning, P.¹ Cui, Y.² Reeves, D.S.³

3
- 84860495162
- Modeling multistep cyber attacks for scenario recognition
- Cheung, S., Lindqvist, U., Fong, M.: Modeling multistep cyber attacks for scenario recognition. In: DARPA Information Survivability Conference and Exposition, vol.1, pp. 284-292 (2003)
- (2003) DARPA Information Survivability Conference and Exposition , vol.1 , pp. 284-292
- Cheung, S.¹ Lindqvist, U.² Fong, M.³

4
- 0036079912
- Alert correlation in a cooperative intrusion detection framework
- Cuppens, F., Miege, A.: Alert correlation in a cooperative intrusion detection framework. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy, pp. 202-215 (2002)
- (2002) Proceedings of the 2002 IEEE Symposium on Security and Privacy , pp. 202-215
- Cuppens, F.¹ Miege, A.²

5
- 84944201343
- A language to model a database for detection of attacks
- Debar, H., Ḿe, L., Wu, S.F. (eds.) RAID 2000. Springer, Heidelberg
- Cuppens, F., Ortalo, R.: A language to model a database for detection of attacks. In: Debar, H., Ḿe, L., Wu, S.F. (eds.) RAID 2000. LNCS, vol.1907, pp. 197-216. Springer, Heidelberg (2000)
- (2000) LNCS , vol.1907 , pp. 197-216
- Cuppens, F.¹ Ortalo, R.²

6
- 0036090387
- Statl: An attack language for statebased intrusion detection
- Eckmann, S.T., Vigna, G., Kemmerer, R.A.: Statl: An attack language for statebased intrusion detection. Journal of Computer Security 10, 71-103 (2002)
- (2002) Journal of Computer Security , vol.10 , pp. 71-103
- Eckmann, S.T.¹ Vigna, G.² Kemmerer, R.A.³

7
- 84862190056
- A language driven IDS for event and alert correlation
- Totel, E., Vivinis, B., Ḿe, L.: A language driven IDS for event and alert correlation. In: SEC, pp. 209-224 (2004)
- (2004) SEC , pp. 209-224
- Totel, E.¹ Vivinis, B.² Ḿe, L.³

8
- 33646844014
- A probabilistic-based framework for INFOSEC alert correlation
- Qin, X.: A probabilistic-based framework for INFOSEC alert correlation. In: Proceedings of the Symposium on Recent Advances in Intrusion Detection, vol.2820, pp. 73-93 (2003)
- (2003) Proceedings of the Symposium on Recent Advances in Intrusion Detection , vol.2820 , pp. 73-93
- Qin, X.¹

9
- 38149027709
- Alert correlation for extracting attack strategies
- Zhu, B., Ghorbani, A.A.: Alert correlation for extracting attack strategies. International Journal of Network Security, 244-258 (2006)
- (2006) International Journal of Network Security , pp. 244-258
- Zhu, B.¹ Ghorbani, A.A.²

10
- 63049125148
- An incremental frequent structure mining framework for real-time alert correlation
- Sadoddin, R., Ghorbani, A.A.: An incremental frequent structure mining framework for real-time alert correlation. Computers and Security 28, 153-173 (2009)
- (2009) Computers and Security , vol.28 , pp. 153-173
- Sadoddin, R.¹ Ghorbani, A.A.²

11
- 53049102892
- Building network attack graph for alert causal correlation
- Zhang, S., Li, J., Chen, X., Fan, L.: Building network attack graph for alert causal correlation. Computers and Security 27, 188-196 (2008)
- (2008) Computers and Security , vol.27 , pp. 188-196
- Zhang, S.¹ Li, J.² Chen, X.³ Fan, L.⁴

12
- 66449085932
- Reducing false positives in anomaly detectors through fuzzy alert aggregation
- Maggia, F., Matteuccia, M., Zanero, S.: Reducing false positives in anomaly detectors through fuzzy alert aggregation. Information Fusion 10, 300-311 (2009)
- (2009) Information Fusion , vol.10 , pp. 300-311
- Maggia, F.¹ Matteuccia, M.² Zanero, S.³

13
- 3142623031
- Clustering intrusion detection alarms to support root cause analysis
- Julisch, K.: Clustering intrusion detection alarms to support root cause analysis. ACM Transactions on Information and System Security 6, 443-471 (2002)
- (2002) ACM Transactions on Information and System Security , vol.6 , pp. 443-471
- Julisch, K.¹

14
- 26444436687
- Using adaptive alert classification to reduce false positives in intrusion detection
- Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. Springer, Heidelberg
- Pietraszek, T.: Using adaptive alert classification to reduce false positives in intrusion detection. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol.3224, pp. 102-124. Springer, Heidelberg (2004)
- (2004) LNCS , vol.3224 , pp. 102-124
- Pietraszek, T.¹

15
- 0034301662
- A data mining analysis of rtid alarms
- Manganaris, S., Christensen, M., Zerkle, D., Hermiz, K.: A data mining analysis of rtid alarms. Computer Networks: The International Journal of Computer and Telecommunications Networking 34, 571-577 (2000)
- (2000) Computer Networks: The International Journal of Computer and Telecommunications Networking , vol.34 , pp. 571-577
- Manganaris, S.¹ Christensen, M.² Zerkle, D.³ Hermiz, K.⁴

16
- 67349164787
- Processing intrusion detection alert aggregates with time series modeling
- Viinikka, J., Debar, H., Ḿe, L.: Processing intrusion detection alert aggregates with time series modeling. Information Fusion 10, 312-324 (2009)
- (2009) Information Fusion , vol.10 , pp. 312-324
- Viinikka, J.¹ Debar, H.² Ḿe, L.³

17
- 77956988169
- M2d2: A formal datamodel for IDS alert correlation
- Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. Springer, Heidelberg
- Morin, B., Ḿe, L., Debar,H.,Ducasse, M.:M2d2: A formal datamodel for IDS alert correlation. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol.2516, pp. 115-137. Springer, Heidelberg (2002)
- (2002) LNCS , vol.2516 , pp. 115-137
- Morin, B.¹ Ḿe, L.² Debar, H.³ Ducasse, M.⁴

18
- 67349242974
- A logic-based model to support alert correlation in intrusion detection
- Morin, B., Ḿe, L., Debar, H., Ducasse, M.: A logic-based model to support alert correlation in intrusion detection. Information Fusion 10, 285-299 (2009)
- (2009) Information Fusion , vol.10 , pp. 285-299
- Morin, B.¹ Ḿe, L.² Debar, H.³ Ducasse, M.⁴

19
- 84958955499
- A mission-impact-based approach to infosec alarm correlation
- Porras, P.A., Fong, M.W., Valdes, A.: A mission-impact-based approach to infosec alarm correlation. In: Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection, pp. 95-114 (2002)
- (2002) Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection , pp. 95-114
- Porras, P.A.¹ Fong, M.W.² Valdes, A.³

20
- 0038289761
- Fusing a heterogeneous alert stream into scenarios
- Dain, O.M., Cunningham, R.K.: Fusing a heterogeneous alert stream into scenarios. In: Proceeding of the 2001 ACM Workshop on Data Mining for Security Applications, pp. 1-13 (2001)
- (2001) Proceeding of the 2001 ACM Workshop on Data Mining for Security Applications , pp. 1-13
- Dain, O.M.¹ Cunningham, R.K.²

21
- 35048901618
- Discovering novel attack strategies from INFOSEC alerts
- Sophia Antipolis
- Qin, X., Lee, W.: Discovering novel attack strategies from INFOSEC alerts. In: Proceedings of the 9th European Symposium on Research in Computer Security, Sophia Antipolis, pp. 439-456 (2004)
- (2004) Proceedings of the 9th European Symposium on Research in Computer Security , pp. 439-456
- Qin, X.¹ Lee, W.²

22
- 0003413187
- 2nd edn.
- Haykin, S.: Neural networks: A comprehensive foundation, 2nd edn. (1998)
- (1998) Neural Networks: A Comprehensive Foundation
- Haykin, S.¹

23
- 0003798635
- Cristianini, N., Taylor, J.S.: An introduction to support vector machines and other kernel-based learning methods (2000)
- (2000) An Introduction to Support Vector Machines and Other Kernel-based Learning Methods
- Cristianini, N.¹ Taylor, J.S.²

24
- 0003846041
- A tutorial on learning with bayesian networks
- Microsoft Research
- Heckerman, D.: A tutorial on learning with bayesian networks. Technical Report MSR-TR-95-106, Microsoft Research (1995)
- (1995) Technical Report MSR-TR-95-106
- Heckerman, D.¹

25
- 27644509863
- Laboratory, M.L.: 2000 darpa intrusion detection scenario specific datasets (2000)
- (2000) 2000 Darpa Intrusion Detection Scenario Specific Datasets
- Laboratory, M.L.¹

26
- 77955018676
- netForensics Honeynet team
- netForensics Honeynet team: Honeynet traffic logs, http://old.honeynet. org/scans/scan34/
- Honeynet Traffic Logs

* 이 정보는 Elsevier사의 SCOPUS DB에서 KISTI가 분석하여 추출한 것입니다.