A flexible and efficient alert correlation platform for distributed IDS

Proceedings - 2010 4th International Conference on Network and System Security, NSS 2010

Volumn , Issue , 2010, Pages 24-31

  Roschke, Sebastian ^a   Cheng, Feng ^a   Meinel, Christoph ^a  

^a UNIVERSITY OF POTSDAM   (Germany)

Author keywords

IDS management; Memory based clustering; Memory based correlation; Memory based databases

Indexed keywords

ALERT CORRELATION; COLUMN-ORIENTED DATABASE; DATA STORAGE; DISTRIBUTED DEPLOYMENT; DISTRIBUTED IDS; END USERS; EXISTING PROBLEMS; FLEXIBLE INTEGRATION; IDS MANAGEMENT; INDEX TABLE; INTRUSION DETECTION SYSTEMS; LARGE-SCALE DEPLOYMENT; MALICIOUS BEHAVIOR; MANAGEMENT SYSTEMS; MEMORY-BASED CLUSTERING; MEMORY-BASED CORRELATION; MEMORY-BASED DATABASES; MULTIPLE PROCESSING; NETWORK COMMUNICATIONS; PLUG-INS; PROCESS NEEDS; PROCESSING ALGORITHMS; PROCESSING POWER; SHARE MEMORY; SIMPLE ALGORITHM; STANDARDIZED INTERFACES;

COMPUTER CRIME; CORRELATION METHODS; DATA PROCESSING; DATABASE SYSTEMS; INTRUSION DETECTION; NETWORK SECURITY; SENSORS;

CLUSTERING ALGORITHMS;

EID: 78650313678     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/NSS.2010.26     Document Type: Conference Paper

References (27)

1. R. Sadoddin, A. Ghorbani: Alert Correlation Survey: Framework and Techniques, In: Proceedings of the International Conference on Privacy, Security and Trust (PST'06), ACM Press, Markham, Ontario, Canada, pp. 1-10 (2006).
2. Debar, H., Curry, D., Feinstein, B.: The Intrusion Detection Message Exchange Format, Internet Draft, Technical Report, IETF Intrusion Detection Exchange Format Working Group (July 2004).
3. Mitre Corporation: Common vulnerabilities and exposures, CVE Website: http://cve.mitre.org/, (Accessed March 2009).
4. K. Julisch: Clustering intrusion detection alarms to support root cause analysis, In: ACM Transactions on Information and System Security, vol. 6, Issue 4, pp. 443-471 (2003).
5. F. Cuppens: Managing alerts in a multi-intrusion detection environment, In: Proceedings of the 17th Annual Computer Security Applications Conference (ACSAC'01), IEEE Press, New-Orleans, USA, pp. 0022 (December 2001).
6. A. Valdes and K. Skinner: Probabilistic alert correlation, In: Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection (RAID'00), London, UK, Springer LNCS 2212, pp.54-68 (2001).
7. H. Debar and A. Wespi: Aggregation and correlation of intrusiondetection alerts, In: Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection (RAID'01), London, UK, Springer LNCS 2212, pp. 85-103 (2001).
8. P. Ning, Y. Cui, and D. Reeves: Constructing attack scenarios through correlation of intrusion alerts, In: Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS'02) ACM Press, Washington, DC, USA, pp. 245-254 (2002).
9. X. Qin: A Probabilistic-Based Framework for INFOSEC Alert Correlation, PhD thesis, Georgia Institute of Technology, 2005.
10. W. L. Xinzhou Qin: Statistical causality analysis of infosec alert data, In: Proceedings of the 6th International Symposium on Recent Advances in Intrusion Detection (RAID'03), London, UK, Springer LNCS 2820, pp. 73-93 (2003).
11. S. Manganaris, M. Christensen, D. Zerkle, and K. Hermiz: A data mining analysis of rtid alarms, In: Computer Networks, vol. 34, Issue 4, pp. 571-577 (2000).
12. A. Siraj and R. B. Vaughn: A cognitive model for alert correlation in a distributed environment, In: Proceedings of IEEE International Conference on Intelligence and Security Informatics (ISI'05), IEEE Press, Atlanta, GA, USA, pp. 218-230 (2005).
13. P. Ning, D. Xu, C. G. Healey, and R. S. Amant: Building attack scenarios through integration of complementary alert correlation method, In: Proceedings of the Network and Distributed System Security Symposium (NDSS'04), The Internet Society, San Diego, California, USA, 2004.
14. P. A. Porras, M. W. Fong, and A. Valdes: A mission-impact-based approach to infosec alarm correlation, In: Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID'02), London, UK, Springer LNCS, pp. 95-114 (2002).
15. H. Plattner: A Common Database Approach for OLTP and OLAP Using an In-Memory Column Database, In: Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD'09), ACM Press, Providence, Rhode Island, USA, pp. 1-2 (2009).
16. D. J. Abadi, S. Madden, and M. Ferreira: Integrating Compression and Execution in Column-Oriented Database Systems, In: Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD'06), ACM Press, Chicago, Illinois, USA, pp. 671-682 (2006).
17. P. A. Boncz, S. Manegold, and M. L. Kersten: Database Architecture Optimized for the New Bottleneck: Memory Access, In: Proceedings of 25th International Conference on Very Large Data Bases (VLDB'99), Edinburgh, Scotland, UK, pp. 54-65 (1999).
18. MonetDB: WEBSITE: http://monetdb.cwi.nl/ (accessed Nov 2009).
19. P. Boncz: Monet: A Next-Generation DBMS Kernel for Query-Intensive Applications, PhD Thesis, Universiteit van Amsterdam, Amsterdam, The Netherlands, 2002.
20. MySQL: WEBSITE: http://www.mysql.com/ (accessed Nov 2009).
21. PostgreSQL: WEBSITE: http://www.postgresql.org/ (accessed Nov 2009).
22. Snort IDS: WEBSITE: http://www.snort.org/ (accessed Nov 2009).
23. Roschke, S., Cheng, F., Meinel, Ch.: An Extensible and Virtualization- Compatible IDS Management Architecture, In: Proceedings of 5th International Conference on Information Assurance and Security (IAS'09), IEEE Press, vol. 2, Xi'an, China, pp. 130-134 (August 2009).
24. Eclipse Test & Performance Tools Platform Project, WEBSITE: http://www.eclipse.org/tptp/ (accessed Nov 2009).
25. Tedesco, G. and Aickelin, U.: Real-Time Alert Correlation with Type Graphs, In: Proceedings of the 4th international Conference on Information Systems Security (ISS'09), Springer LNCS 5352, Hyderabad, India, pp. 173-187 (2008).
26. Ning, P. and Xu, D.: Adapting Query Optimization Techniques for Efficient Intrusion Alert Correlation, Technical Report, North Carolina State University at Raleigh, 2002.
27. Northcutt, S., Novak, J.: Network Intrusion Detection: An Analyst's Handbook, New Riders Publishing, Thousand Oaks, CA, USA (2002).