A generic intrusion detection and diagnoser system based on complex event processing

Proceedings - 1st International Conference on Data Compression, Communication, and Processing, CCP 2011

Volumn , Issue , 2011, Pages 275-284

  Ficco, Massimo ^a   Romano, Luigi ^b  

^a SECOND UNIVERSITY OF NAPLES   (Italy)

^b UNIVERSITY OF NAPLES PARTHENOPE   (Italy)

Author keywords

attack scenario recognition; complex event processing; diagnosis; intrusion detection system

Indexed keywords

ALERT CORRELATION; ARCHITECTURAL LEVELS; ATTACK SCENARIOS; COMPLEX EVENT PROCESSING; DETECTION AND DIAGNOSIS; DISTRIBUTED SECURITY; EVENT CORRELATION; HIERARCHICAL APPROACH; INTRUSION DETECTION SYSTEM; INTRUSION SCENARIOS; KNOWLEDGE BASE; ON-LINE DETECTION; PROTOTYPE IMPLEMENTATIONS; SYSTEM-BASED;

COMMUNICATION; COMPUTER SYSTEM FIREWALLS; CRITICAL INFRASTRUCTURES; DATA COMPRESSION; DIAGNOSIS; ONTOLOGY;

INTRUSION DETECTION;

EID: 81255123403     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CCP.2011.43     Document Type: Conference Paper

References (25)

1. F. Palmieri and U. Fiore. Network anomaly detection through nonlinear analysis. In Computers & Security, vol. 29, no. 7, 2010, pp. 737-755.
2. Jie Ma, Zhi-tang Li, and Wei-ming Li. Real-Time Alert Stream Clustering and Correlation for Discovering Attack Strategies. In Proc. of the 5th ACM International Conference on Fuzzy Systems and Knowledge Discovery, Oct. 2008. ACM Press.
3. M. Ficco, L. Coppolino, and L. Romano. A Weight-Based Symptom Correlation Approach to SQL Injection Attacks. In Proc. of 4th ACM Latin-American Symposium on Dependable Computing (LADC 2009), Set. 2009, ACM Press.
4. A. Daidone, F. Di Giandomenico, A. Bondavalli, and S. Chiaradonna. Hidden Markov Models as a Support for Diagnosis: Formalization of the Problem and Synthesis of the Solution. In Proc. of the 25th IEEE Symposium on Reliable Distributed Systems (SRDS 2006), Oct. 2006, pp. 245-256. IEEE CS Press.
5. A. Nickelsen, J. Grnbk, T. Renier, and H.P. Schwefel. Probabilistic Network Fault-Diagnosis Using Cross-Layer Observations. In Proc. of the International Conference on Advanced Information Networking and Applications, 2009, pp. 225-232. IEEE CS Press.
6. S. Cheung, U. Lindqvist, and M. W. Fong. Modelling multi-step cyber attacks for scenario recognition. In Proc. of DARPA Information Survivability Conference and Exposition, 2003, pp. 284-292.
7. V. Artem and H. Jun. Security attack ontology for web services. In Proc. of the 2th Int. Conf. on Semantics, Knowledge, and Grid, 2006, pp. 42-49, IEEE CS Press.
8. M. Ficco. Achieving Security by Intrusion-Tolerance Based on Event Correlation. In Special Issue on Data Dissemination for Large scale Complex Critical Infrastructures, International Journal of Network Protocols and Algorithms (NPA), vol. 2, no. 3, Oct. 2010, pp. 70-84.
9. D. Curry and H. Debar. Intrusion Detection Message Exchange Format: Extensible Markup Language (XML) Document Type Definition, draft-ietf-idwg- idmef-xml-10.txt, Jan. 2003.
10. JavaCC, a Java Compiler Compiler library, at https://javacc.dev.java.net/ JavaCC
11. R. Varandi. SEC - a lightweight event correlation tool. In Proc. of the IEEE Workshop on IP operation and management, Dec. 2002, pp. 111-115. IEEE CS Press.
12. M. Ficco, A. Daidone, L. Coppolino, L. Romano, and A. Bondavalli. An Event Correlation Approach for Fault Diagnosis in SCADA Infrastructures. In Proc. of the 13th European Workshop on Dependable Computing, May 2011, pp. 15-20. IEEE CS Press.
13. Borealis: Distributed Stream Processing Engine, Brandeis University, Brown University, and the Massachusetts Institute of Technology, http://www.cs.brown.edu/research/borealis/public/
14. Prelude, an Hybrid Intrusion Detection System. Available at: http://www.prelude-ids.com
15. K. Julisch. Clustering intrusion detection alarms to support root cause analysis. In ACM Trans. on Information and System Security, vol. 6, no. 4, Nov. 2003, pp. 443-471.
16. W. G. Halfond, J. Viegas, and A. Orso. A Classification of SQL-Injection Attacks and Countermeasures. In Proc. of the the International Symposium on Secure Software Engineering, Mar. 2006, pp. 795-798, ACM Press,
17. D. Yu and D. Frincke. Alert Confidence Fusion in Intrusion Detection Systems with Extended Dempster-Shafer Theory. In Proc. of the 43rd ACM Southeast Regional Conference, vol. 2, May 2005, pp. 142-147.
18. F. Cuppens and R. Ortalo. Lambda, A language to model a database for detection of attacks. In Proc. of the 3rd International Symposium Recent Advances in Intrusion Detection (RAID 2000), LNCS, Springer-Verlag Heidelberg, 2000, pp. 197-216.
19. R. Vaarandi and K. Podins. Network IDS Alert Classication with Frequent Itemset Mining and Data Clustering. In Proc. of the International Conference on Network and Service Management, 2010, pp. 451-456. IEEE CS Press.
20. Snort: an open source network intrusion prevention and detection system (IDS/IPS), at: http://www.snort.org/, 2010.
21. Complete Snort-based IDS Architecture. http://cybervlad.net/ids/index. html
22. S. Kreibich and R. Sommer. Policy-controlled event management for distributed intrusion detection. In Proc. of the 25th IEEE International Conference on Distributed Computing Systems, 2005. IEEE CS Press.
23. M. Haibin and G. Jian. Intrusion Alert Correlation based on D-S Evidence Theory. In Proc. of the 2th Inter. Conference on Communications and Networking, Aug. 2007, pp. 377-381, IEEE CS Press.
24. B. Morin and H. Debar. Correlation of Intrusion Symptoms: an Application of Chronicles. In Proc. of the 6th Int. Conf. on Recent Advances in Intrusion Detection (RAID'03).
25. F. Valeur, G. Vigna, and A. Kemmerer. A Comprehensive Approach to Intrusion Detection Alert Correlation, In IEEE Transactions on Dependable and Secure Computing, vol. 1, no. 3, July 2004, pp. 146-169.