Modeling of information system correlated events time dependencies

Authors:
Jacques Saraydaryan;Véronique Legrand;Stéphane Ubéda
Affiliations:
ARES INRIA/CITI/Exaprotect, INSA, Lyon, France;ARES INRIA/CITI, INSA, Lyon, France;ARES INRIA/CITI, INSA, Lyon, France
Venue:
NOTERE '08 Proceedings of the 8th international conference on New technologies in distributed systems
Year:
2008

Citing 4
Cited 0

LOF: identifying density-based local outliers

SIGMOD '00 Proceedings of the 2000 ACM SIGMOD international conference on Management of data
Alert Correlation in a Cooperative Intrusion Detection Framework

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
An Alert Fusion Framework for Situation Awareness of Coordinated Multistage Attacks

IWIA '05 Proceedings of the Third IEEE International Workshop on Information Assurance
Unified semantics for event correlation over time and space in hybrid network environments

OTM'05 Proceedings of the 2005 Confederated international conference on On the Move to Meaningful Internet Systems - Volume >Part I

Quantified Score

Hi-index	0.00

Visualization

Abstract

Many works have been carried out in events correlation and intrusion detection. Although they use different methods or correlation approaches, they all highlight the importance of time in their modeling process. In this paper, we suggest a new time consideration for our previous works Bayesian behavior intrusion detection. Using a probabilistic approach, we introduce time consideration in the profile of user/system interactions. This enriched profile will integrate all time dependencies among correlated alerts. Some works provide attack graphs scenarios where time dependencies are explicitly defined. In our case, they are learnt during a training period.