A correlation approach to intrusion detection

Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering

Volumn 45 LNICST, Issue , 2010, Pages 203-215

  Ficco, Massimo ^a   Romano, Luigi ^b  

^a UNIVERSITY OF NAPLES PARTHENOPE   (Italy)

^b Laboratorio ITeM C Savy   (Italy)

Author keywords

Correlation; Detection; Fusion

Indexed keywords

ARCHITECTURAL LEVELS; ATTACK SCENARIOS; DISTRIBUTED SECURITY; EVENT CORRELATION; INTRUSION DETECTION SYSTEMS;

HIERARCHICAL SYSTEMS; ONTOLOGY;

INTRUSION DETECTION;

EID: 84863939166     PISSN: 18678211     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-3-642-16644-0_19     Document Type: Conference Paper

References (20)

1. Axelsson, S.: The base-rate fallacy and the difficulty of intrusion detection. ACM Trans. on Information and System Security 3(3), 186-205 (2000)
2. Manganaris, S., Christensen, M., Hermiz, K.: A data mining analysis of RTID alarms. Computer Networks 34(4), 571-577 (2000)
3. Hervé, D., Dacier, M.: Towards a taxonomy of intrusion-detection systems. The Journal of Computer and Telecommunications Networking 9, 805-822 (1999)
4. Kemmerer, R., Vigna, G.: Intrusion detection: a brief history and overview. IEEE Computer 35(4), 27-30 (2002)
5. Majorczyk, F., Totel, E., Mé, L.: Anomaly Detection with Diagnosis in Diversified Systems using Information Flow Graphs. In: IFIP International Federation for Information Processing. LNCS, vol. 278, pp. 301-315. Springer, Boston (2008)
6. Ning, P., Cui, Y., Xu, D.: Techniques and tools for analyzing intrusion alerts. ACM Trans. on Information and System Security 7(2), 274-318 (2004)
7. Julisch, K.: Clustering intrusion detection alarms to support root cause analysis. ACM Trans. on Information and System Security 6(4), 443-471 (2003)
8. Yu, D., Frincke, D.: Alert Confidence Fusion in Intrusion Detection Systems with Extended Dempster-Shafer Theory. In: Proc. of the 43rd ACM Southeast Regional Conference, vol. 2, pp. 142-147 (May 2005)
9. Morin, B., Debar, H.: Correlation of intrusion symptoms: An application of chronicles. In: Vigna, G., Krügel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol. 2820, pp. 94-112. Springer, Heidelberg (2003)
10. The OWASP Top 10 Web attacks (December 2009), http://www.owasp.org/index. php/Category:OWASP-Top-Ten-Project
11. Valeur, F., Vigna, G., Kruegel, C.: A Comprehensive Approach to Intrusion Detection Alert Correlation. IEEE Transactions on Dependable and Secure Computing 1(3), 146-169 (2004)
12. Totel, E., Majorczyk, F., Mé, L.: COTS Diversity Based Intrusion Detection and Application to Web Servers. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol. 3858, pp. 43-62. Springer, Heidelberg (2006) (Pubitemid 43973721)
13. Haibin, M., Jian, G.: Intrusion Alert Correlation based on D-S Evidence Theory. In: Proc. of the 2th Int. Conf. on Communications and Networking (CHINACOM 2007), pp. 377-381. IEEE CS Press, Los Alamitos (August 2007)
14. Bondavalli, A., Ceccarelli, A., Falai, L.: Assuring Resilient Time Synchronization. In: Proc. of the IEEE Symposium on Reliable Distributed Systems (SRDS 2008), pp. 3-12. IEEE CS Press, Los Alamitos (October 2008 )
15. Ficco, M., Coppolino, L., Romano, L.: A Weight-Based Symptom Correlation Approach to SQL Injection Attacks. In: Proc. of the 4th Latin-American Symposium on Dependable Computing (LADC 2009). IEEE CS Press, Los Alamitos (September 2009)
16. Scalp: Apache log analyzer, http://code.google.com/p/apache-scalp/ (last update September 2009)
17. JMeter: Java application designed to load test web applications, http://javaboutique.internet.com/tutorials/JMeter/
18. Coral8 Engine, at http://www.aleri.com/sites/default/files/assets/ product-literature/Coral8%20Engine.pdf (last access October 2009)
19. Oracle CEP, http://www.watersonline.com/public/showPage.html?page=800767 (last access December 2009)
20. The Borealis project, http://www.cs.brown.edu/research/borealis/public/ (last access February 2010)