LOF: identifying density-based local outliers
SIGMOD '00 Proceedings of the 2000 ACM SIGMOD international conference on Management of data
Alert Correlation in a Cooperative Intrusion Detection Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
An Alert Fusion Framework for Situation Awareness of Coordinated Multistage Attacks
IWIA '05 Proceedings of the Third IEEE International Workshop on Information Assurance
Unified semantics for event correlation over time and space in hybrid network environments
OTM'05 Proceedings of the 2005 Confederated international conference on On the Move to Meaningful Internet Systems - Volume Part I
Much work has been carried out on event correlation and intrusion detection. Although these works use different methods or correlation approaches, they all highlight the importance of time in their modeling process. In this paper, we suggest a new time consideration for our previous work on Bayesian behavior intrusion detection. Using a probabilistic approach, we introduce time consideration in the profile of user/system interactions. This enriched profile will integrate all time dependencies among correlated alerts. Some works provide attack graph scenarios where time dependencies are explicitly defined. In our case, they are learnt during a training period.