Practical automated detection of stealthy portscans
Journal of Computer Security
Validation of Sensor Alert Correlators
IEEE Security and Privacy
Snort 2.0 Intrusion Detection
An Intrusion Alert Correlator Based on Prerequisites of Intrusions
An Intrusion Alert Correlator Based on Prerequisites of Intrusions
Coordinated internet attacks: responding to attack complexity
Journal of Computer Security
A Comprehensive Approach to Intrusion Detection Alert Correlation
IEEE Transactions on Dependable and Secure Computing
Stellar: A Fusion System for Scenario Construction and Security Risk Assessment
IWIA '05 Proceedings of the Third IEEE International Workshop on Information Assurance
A mission-impact-based approach to INFOSEC alarm correlation
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Intrusion detection alert verification based on multi-level fuzzy comprehensive evaluation
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part I
Real-time risk assessment with network sensors and intrusion detection systems
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
RAR: A role-and-risk based flexible framework for secure collaboration
Future Generation Computer Systems
| Hi-index | 0.00 |
In the paper, an online risk assessment model based on D-S evidence theory is presented. The model can quantitate the risk caused by an intrusion scenario in real time and provide an objective evaluation of the target security state. The results of the online risk assessment show a clear and concise picture of both the intrusion progress and the target security state. The model makes full use of available information from both IDS alerts and protected targets. As a result, it can deal with uncertainties and subjectiveness very well in its evaluation process. In IDAM&IRS, the model serves as the foundation for intrusion response decision-making.