M2D2: A formal data model for IDS alert correlation

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 2516, Issue , 2002, Pages 115-137

  Morin, Benjamin ^a   Mé, Ludovic ^b   Debar, Hervé ^a   Ducassé, Mireille ^c  

^a ORANGE LABS   (France)

^b SUPELEC Campus de Rennes   (France)

^c CAMPUS DE BEAULIEU   (France)

Author keywords

[No Author keywords available]

Indexed keywords

INTRUSION DETECTION; MERCURY (METAL);

ALERT CORRELATION; FORMAL DEFINITION; FORMAL MODEL; IDS ALERT CORRELATIONS; INFORMATION TYPES; SECURITY TOOLS;

CORRELATION METHODS;

EID: 77956988169     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/3-540-36084-0_7     Document Type: Conference Paper

References (17)

1. G. Jakobson and M. D. Weissman. Alarm correlation. IEEE Network Magazine, pages 52–60, 1993.
2. J. McHugh. Intrusion and intrusion detection. International Journal of Information Security, July 2001.
3. Icat vulnerabilities database. http://icat.nist.gov/icat.cfm.
4. G. Vigna and R. A. Kemmerer. Netstat: A network-based intrusion detection approach. In Proceedings of the 14th Annual Computer Security Application Conference, December 1998.
5. G. Vigna and R. A. Kemmerer. Netstat: A network-based intrusion detection system. Journal of Computer Security, February 1999.
6. R. P. Goldman, W. Heimerdinger, S. A. Harp, C. W. Geib, V. Thomas, and R. L. Carter. Information modeling for intrusion report aggregation. In Proceedings of the DARPA Information Survivability Conference and Exposition, June 2001.
7. G. Vigna. A topological characterization of tcp/ip security. Technical Report TR-96.156, Politecnico di Milano, 1996.
8. J.-R. Abrial. The B Book: Assigning programs to meanings. Cambridge University Press, 1996.
9. R. Shirey. Internet security glossary. RFC2828, 2000.
10. J. Arlat, J.P. Blanquart, A. Costes, Y. Crouzet, Y. Deswarte, J.C. Fabre, H. Guillermain, M. Kaaniche, K. Kanoun, J.C. Laprie, C. Mazet, D. Powell, C. Rabejac, and P. Thevenod. Guide de la surete de fonctionnement. Cepadues editions, 1995.
11. D. E. Mann and S. M. Christey. Towards a common enumeration of vulnerabilities. In Proceedings of the 2nd Workshop on Research with Security Vulnerability Databases, January 1999.
12. Dave Curry and Herve Debar. Intrusion detection message exchange format data model and extensible markup language (xml) document type definition. Internet Draft (work in progress), December 2001. http://search.ietf.org/internetdrafts/draft-ietf-idwg-idmef-xml-06.txt.
13. Hervé Debar and Andreas Wespi. Aggregation and correlation of intrusiondetection alerts. In Wenke Lee, Ludovic Me, and Andreas Wespi, editors, Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection (RAID 2001), number 2212 in Lecture Notes in Computer Science, pages 85–103, Davis, CA, USA, October 2001. Springer.
14. J. D. Howard and T. A. Longstaff. A common language for computer security incidents. CERT - SAND98-8667, http://www.cert.org/research/taxonomy988667.pdf, 1998.
15. F. Cuppens. Managing alerts in multi-intrusion detection environment. In Proceedings of the 17th Annual Computer Security Applications Conference (ACSAC’01), 2001.
16. F. Cuppens and A. Miege. Alert correlation in a cooperative intrusion detection framework. In Proccedings of the IEEE Symposium on Security and Privacy, 2002.
17. Frédéric Cuppens and Rodolphe Ortalo. Lambda: A language to model a database for detection of attacks. In H. Debar, L. Me, and S. F. Wu, editors, Proceedings of the Third International Workshop on the Recent Advances in Intrusion Detection (RAID’2000), number 1907 in LNCS, pages 197–216, October 2000.