SCOPUS 정보 검색 플랫폼

Computers and Security

Volumn 29, Issue 6, 2010, Pages 712-723

A preliminary two-stage alarm correlation and filtering system using SOM neural network and K-means algorithm

(4) Tjhai, Gina C a Furnell, Steven M a Papadaki, Maria a Clarke, Nathan L a

a UNIVERSITY OF PLYMOUTH (United Kingdom)

Author keywords

Alarm correlation; False alarm; Intrusion Detection System; K means clustering; Self Organising Map (SOM)

Indexed keywords

ALARM CORRELATION; FALSE ALARMS; INTRUSION DETECTION SYSTEMS; K-MEANS CLUSTERING; SELF-ORGANISING MAPS;

ARTS COMPUTING; COMPUTER CRIME; ERRORS; INTRUSION DETECTION; NEURAL NETWORKS; WATER SUPPLY SYSTEMS;

ALARM SYSTEMS;

EID: 77955430292 PISSN: 01674048 EISSN: None Source Type: Journal
DOI: 10.1016/j.cose.2010.02.001 Document Type: Article

Times cited : (82)

References (31)

1
- 26444495635
- IDS false alarm reduction using continuous and discontinuous patterns Third international conference on applied cryptography and network security
- ACNS, New York
- A. Alharby, and H. Imai IDS false alarm reduction using continuous and discontinuous patterns Third international conference on applied cryptography and network security, ACNS, New York, United State Lecture notes in computer science vol. 3531 2005
- (2005) Lecture Notes in Computer Science , vol.3531
- Alharby, A.¹ Imai, H.²

2
- 77955426691
- Basic Analysis and Security Engine (BASE) Project 2007 http://base.secureideas.net/
- (2007) Basic Analysis and Security Engine (BASE) Project

3
- 11844284488
- B. Caswell, and M. Roesch Snort: the open source network intrusion detection system 2004
- (2004) Snort: The Open Source Network Intrusion Detection System
- Caswell, B.¹ Roesch, M.²

4
- 10444228269
- Alarm reduction and correlation in defence of IP networks
- Chyssler T, Nadjm-Tehrani S, Burschka S, Burbeck K. Alarm reduction and correlation in defence of IP networks. In: Proceedings of the 13th IEEE international Workshops on enabling technologies: infrastructure for collaborative enterprises; 2004a, p. 22934.
- (2004) Proceedings of the 13th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises , pp. 229-234
- Chyssler, T.¹ Nadjm-Tehrani, S.² Burschka, S.³ Burbeck, K.⁴

5
- 48249127345
- The Department of Computer and Information Science Linkopings Universitet
- T. Chyssler, S. Burschka, M. Semling, T. Lingvall, and K. Burbeck Alarm reduction and correlation in intrusion detection systems 2004 The Department of Computer and Information Science Linkopings Universitet Available via:
- (2004) Alarm Reduction and Correlation in Intrusion Detection Systems
- Chyssler, T.¹ Burschka, S.² Semling, M.³ Lingvall, T.⁴ Burbeck, K.⁵

6
- 0346841737
- CIS
- CIS SOM toolbox 2.0 2005
- (2005) SOM Toolbox 2.0

7
- 0036079912
- Alert correlation in a cooperative intrusion detection framework
- Cuppens F, Miege A. Alert correlation in a cooperative intrusion detection framework. In: Proceedings of the 2002 IEEE symposium on security and privacy; 2002, p. 202.
- (2002) Proceedings of the 2002 IEEE Symposium on Security and Privacy , pp. 202
- Cuppens, F.¹ Miege, A.²

8
- 0038289761
- Fusing a heterogeneous alert stream into scenarios
- Philadelphia, PA; 2001
- Dain O, Cunningham RK. Fusing a heterogeneous alert stream into scenarios. In: Proceedings of the 2001 ACM workshop on data mining for security application, Philadelphia, PA; 2001, p. 113.
- Proceedings of the 2001 ACM Workshop on Data Mining for Security Application , pp. 1-13
- Dain, O.¹ Cunningham, R.K.²

9
- 0242529344
- Aggregation and correlation of intrusion-detection alerts
- Davis, CA, USA
- Debar H, Wespi A. Aggregation and correlation of intrusion-detection alerts. In: Proceedings of the fourth international symposium on recent advances in intrusion detection, Davis, CA, USA; 2001, p. 85103.
- (2001) Proceedings of the Fourth International Symposium on Recent Advances in Intrusion Detection , pp. 85-103
- Debar, H.¹ Wespi, A.²

10
- 0000171332
- Limitations of self organizing map for vector quantization and multidimensional scaling
- A. Flexer Limitations of self organizing map for vector quantization and multidimensional scaling M.C. Mozer, Advances in neural information processing systems vol. 9 1997 MIT Press/Bradford Books 445 451
- (1997) Advances in Neural Information Processing Systems , vol.9 , pp. 445-451
- Flexer, A.¹

11
- 0242540448
- Mining intrusion detection alarms for actionable knowledge
- Julisch K, Dacier M. Mining intrusion detection alarms for actionable knowledge. In: Proceedings of the eighth ACM SIGKDD international conference on knowledge discovery and data mining; 2002, p. 266375.
- (2002) Proceedings of the Eighth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining , pp. 266-375
- Julisch, K.¹ Dacier, M.²

12
- 84949215209
- Mining alarm clusters to Improve alarm handling efficiency
- Julisch K. Mining alarm clusters to Improve alarm handling efficiency. In: Proceedings of the 17th annual conference on computer security applications; 2001, p. 1221.
- (2001) Proceedings of the 17th Annual Conference on Computer Security Applications , pp. 12-21
- Julisch, K.¹

13
- 0003410791
- 1st ed. Springer Germany 3540620176
- T. Kohonen Self-organizing maps 1st ed. 1995 Springer Germany 3540620176
- (1995) Self-organizing Maps
- Kohonen, T.¹

14
- 0142095451
- NSOM: A real-time network-based intrusion detection system using self-organizing maps
- Labib K, Vemuri R. NSOM: a real-time network-based intrusion detection system using self-organizing maps. In: Networks and security; 2002.
- (2002) Networks and Security
- Labib, K.¹ Vemuri, R.²

15
- 77955425948
- IDS false alarm filtering using KNN classifier Fifth international workshop on information security applications
- WISA, Jeju Island, South Korea
- K.H. Law, and L.F. Kwok IDS false alarm filtering using KNN classifier Fifth international workshop on information security applications, WISA, Jeju Island, South Korea Lecture notes in com2puter science vol. 3325 2004
- (2004) Lecture Notes in Computer Science , vol.3325
- Law, K.H.¹ Kwok, L.F.²

16
- 0001457509
- Some methods for classification and analysis of Multivariate Observations
- University of California Press Berkeley
- J.B. MacQueen Some methods for classification and analysis of Multivariate Observations Proceedings of fifth Berkeley symposium on mathematical statistic and probability vol. 1 1967 University of California Press Berkeley 281 297
- (1967) Proceedings of Fifth Berkeley Symposium on Mathematical Statistic and Probability , vol.1 , pp. 281-297
- MacQueen, J.B.¹

17
- 0038011185
- Constructing attack scenarios through correlation of intrusion alerts
- Washington, D.C.
- Ning P, Cui Y, Reeves DS. Constructing attack scenarios through correlation of intrusion alerts. In: Proceedings of the ninth ACM conference on computer and communications security Washington, D.C.; 2002, p. 24554.
- (2002) Proceedings of the Ninth ACM Conference on Computer and Communications Security , pp. 245-254
- Ning, P.¹ Cui, Y.² Reeves, D.S.³

18
- 0002877253
- Discovery, analysis, and presentation of strong rules
- G. Piatetsky-Shapiro Discovery, analysis, and presentation of strong rules G. Piatetsky-Shapiro, W.J. Frawley, Knowledge discovery in databases 1991 AAAI/MIT Press Cambridge, MA
- (1991) Knowledge Discovery in Databases
- Piatetsky-Shapiro, G.¹

19
- 0003500248
- 1st ed. Morgan Kaufman Publishers United State of America 1558602380
- J.R. Quinlan C4.5: programs for and neural networks, machine learning 1st ed. 1993 Morgan Kaufman Publishers United State of America 1558602380
- (1993) C4.5: Programs for and Neural Networks, Machine Learning
- Quinlan, J.R.¹

20
- 26444529309
- False alarm classification model for network-based intrusion detection system, intelligence data engineering and automated learning
- M.S. Shin, E.H. Kim, and K.H. Ryu False alarm classification model for network-based intrusion detection system, intelligence data engineering and automated learning Lecture notes in computer science vol. 3177/2004 2004 259265
- (2004) Lecture Notes in Computer Science , vol.3177 , Issue.2004 , pp. 259-265
- Shin, M.S.¹ Kim, E.H.² Ryu, K.H.³

21
- 24644432751
- R. Smith The web bug FAQ 1999
- (1999) The Web Bug FAQ
- Smith, R.¹

22
- 48249123952
- Snort: WEB-IIS view source via translate header 2007
- (2007) Snort: WEB-IIS View Source Via Translate Header

23
- 77955425739
- Symantec: symantec global internet security threat report: trends for 2008 vol. XIV April 2009 http://eval.symantec.com/mktginfo/enterprise/white- papers/b-whitepaper-internet-security-threat-report-xiv-04-2009.en-us.pdf
- (2009) Symantec: Symantec Global Internet Security Threat Report: Trends for 2008 , vol.14

24
- 52149097296
- The problem of false alarms: Evaluation with Snort and DARPA 1999 dataset trust, privacy and security in digital business
- G.C. Tjhai, M. Papadaki, S.M. Furnell, and N.L. Clarke The problem of false alarms: evaluation with Snort and DARPA 1999 dataset Trust, privacy and security in digital business Lecture notes in computer science vol. 5185/2008 2008 139 150
- (2008) Lecture Notes in Computer Science , vol.5185 , Issue.2008 , pp. 139-150
- Tjhai, G.C.¹ Papadaki, M.² Furnell, S.M.³ Clarke, N.L.⁴

25
- 48249145157
- Investigating the problem of IDS false alarms: An experimental study using Snort
- Proceedings of the IFIP TC 11 23rd international information security conference
- G.C. Tjhai, M. Papadaki, S.M. Furnell, and N.L. Clarke Investigating the problem of IDS false alarms: an experimental study using Snort Sushil Jajodia, Pierangela Samarati, Stelvio Cimato, Proceedings of the IFIP TC 11 23rd international information security conference IFIP international federation for information processing vol. 278 2008 Springer Boston 253 267
- (2008) IFIP International Federation for Information Processing , vol.278 , pp. 253-267
- Tjhai, G.C.¹ Papadaki, M.² Furnell, S.M.³ Clarke, N.L.⁴

26
- 0037952266
- Probabilistic alert correlation
- Davis, CA, USA
- Valdes A, Skinner K. Probabilistic alert correlation. In: Proceedings of the fourth international symposium on recent advances in intrusion detection, Davis, CA, USA; 2001, p. 5468.
- (2001) Proceedings of the Fourth International Symposium on Recent Advances in Intrusion Detection , pp. 54-68
- Valdes, A.¹ Skinner, K.²

27
- 23444448568
- 1st ed. Wiley United State of America 978-0-470-09013-8
- F. Van der Heijden, R. Duin, D. Ridder, and D.M.J. Tax Classification, parameter estimation and state estimation 1st ed. 2004 Wiley United State of America 978-0-470-09013-8
- (2004) Classification, Parameter Estimation and State Estimation
- Van Der Heijden, F.¹ Duin, R.² Ridder, D.³ Tax, D.M.J.⁴

28
- 48249142510
- WebDAV overview 2001
- (2001) WebDAV Overview

29
- 49249094378
- Avoiding overfitting with BP-SOM
- Weijters T, Van Den Herik HJ, Van den Bosch A, Postma E. Avoiding overfitting with BP-SOM. In: Proceedings of the fifteenth international joint conference on artificial intelligence; 1997.
- (1997) Proceedings of the Fifteenth International Joint Conference on Artificial Intelligence
- Weijters, T.¹ Van Den Herik, H.J.² Van Den Bosch, A.³ Postma, E.⁴

30
- 33745165284
- Analyzing TCP traffic patterns using self organizing maps
- Proceedings 13th international conference on image analysis and processing
- S. Zanero Analyzing TCP traffic patterns using self organizing maps Proceedings 13th international conference on image analysis and processing Lecture notes in computer science vol. 3617/2005 2005 83 90
- (2005) Lecture Notes in Computer Science , vol.3617 , Issue.2005 , pp. 83-90
- Zanero, S.¹

31
- 38149027709
- Alert correlation for extracting attack strategies
- B. Zhu, and A. Ghorbani Alert correlation for extracting attack strategies International Journal of Network Security 3 2 2006 244 258
- (2006) International Journal of Network Security , vol.3 , Issue.2 , pp. 244-258
- Zhu, B.¹ Ghorbani, A.²

* 이 정보는 Elsevier사의 SCOPUS DB에서 KISTI가 분석하여 추출한 것입니다.