Analyzing intensive intrusion alerts via correlation

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 2516, Issue , 2002, Pages 74-94

  Ning, Peng ^a   Cui, Yun ^a   Reeves, Douglas S ^a  

^a North Carolina State University   (United States)

Author keywords

Alert correlation; Attack scenario analysis; Intrusion detection

Indexed keywords

CORRELATION METHODS; MERCURY (METAL);

ALERT CORRELATION; ATTACK SCENARIO ANALYSIS; ATTACK STRATEGIES; CAPTURE THE FLAG; GRAPH DECOMPOSITIONS; INTRUSION DETECTION SYSTEMS; INTRUSION RESPONSE SYSTEM; LOGICAL CONNECTIONS;

INTRUSION DETECTION;

EID: 84958963784     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/3-540-36084-0_5     Document Type: Conference Paper

References (24)

1. Javits, H, Valdes, A.: The NIDES statistical component: Description and justification. Technical report, SRI International, Computer Science Laboratory (1993)
2. Vigna, G., Kemmerer, R.A.: NetSTAT: A network-based intrusion detection system. Journal of Computer Security 7 (1999) 37–71
3. Valdes, A., Skinner, K.: Probabilistic alert correlation. In: Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection (RAID 2001). (2001) 54–68
4. Debar, H., Wespi, A.: Aggregation and correlation of intrusion-detection alerts. In: Recent Advances in Intrusion Detection. LNCS 2212 (2001) 85 – 103
5. Dain, O., Cunningham, R.: Fusing a heterogeneous alert stream into scenarios. In: Proceedings of the 2001 ACMWorkshop on Data Mining for Security Applications. (2001) 1–13
6. Ning, P., Reeves, D.S., Cui, Y.: Correlating alerts using prerequisites of intrusions. Technical Report TR-2001-13, North Carolina State University, Department of Computer Science (2001)
7. Ning, P., Cui, Y.: An intrusion alert correlator based on prerequisites of intrusions. Technical Report TR-2002-01, North Carolina State University, Department of Computer Science (2002)
8. MIT Lincoln Lab: 2000 DARPA intrusion detection scenario specific datasets. http://www.ll.mit.edu/IST/ideval/data/2000/2000 data index.html (2000)
9. Manganaris, S., Christensen, M., Zerkle, D., Hermiz, K.: A data mining analysis of RTID alarms. Computer Networks 34 (2000) 571–577
10. DEFCON: Def con capture the flag (CTF) contest. http://www.defcon.org/html/defcon-8-post.html (2000) Archive accessible at http://wi2600.org/mediawhore/mirrors/shmoo/.
11. Bace, R.: Intrusion Detection. Macmillan Technology Publishing (2000)
12. Staniford, S., Hoagland, J., McAlerney, J.: Practical automated detection of stealthy portscans. To appear in Journal of Computer Security (2002)
13. Templeton, S., Levit, K.: A requires/provides model for computer attacks. In: Proceedings of New Security ParadigmsWorkshop, ACM Press (2000) 31 – 38
14. Cuppens, F., Miege, A.: Alert correlation in a cooperative intrusion detection framework. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy. (2002)
15. Staniford-Chen, S., Cheung, S., Crawford, R., Dilger, M., Frank, J., Hoagland, J., Levitt, K., Wee, C., Yip, R., Zerkle, D.: GrIDS - a graph based intrusion detection system for large networks. In: Proceedings of the 19th National Information Systems Security Conference. Volume 1. (1996) 361–370
16. Ilgun, K., Kemmerer, R.A., Porras, P.A.: State transition analysis: A rule-based intrusion detection approach. IEEE Transaction on Software Engineering 21 (1995) 181–199
17. Cuppens, F., Ortalo, R.: LAMBDA:A language to model a database for detection of attacks. In: Proc. Of Recent Advances in Intrusion Detection (RAID 2000). (2000) 197–216
18. Lin, J., Wang, X.S., Jajodia, S.: Abstraction-based misuse detection: High-level specifications and adaptable strategies. In: Proceedings of the 11th Computer Security Foundations Workshop, Rockport, MA (1998) 190–201
19. Ning, P., Jajodia, S., Wang, X.S.: Abstraction-based intrusion detection in distributed environments. ACM Transactions on Information and System Security 4 (2001) 407–452
20. Gruschke, B.: Integrated event management: Event correlation using dependency graphs. In: Proceedings of the 9th IFIP/IEEE InternationalWorkshop on Distributed Systems: Operations and Management. (1998)
21. Ricciulli, L., Shacham, N.: Modeling correlated alarms in network management systems. In: InWestern Simulation Multiconference. (1997)
22. Gardner, R., Harle, D.: Pattern discovery and specification translation for alarm correlation. In: Proceedings of Network Operations and Management Symposium (NOMS’98). (1998) 713–722
23. ISS, Inc.: RealSecure intrusion detection system. (http://www.iss.net)
24. AT and T Research Labs: Graphviz - open source graph layout and drawing software. (http://www.research.att.com/sw/tools/graphviz/)