In this paper we focus on the aggregation of IDS alerts, an important component of the alert fusion process. We exploit fuzzy measures and fuzzy sets to design simple and robust alert aggregation algorithms. Exploiting fuzzy sets, we are able to robustly state whether or not two alerts are "close in time", dealing with noisy and delayed detections. A performance metric for the evaluation of fusion systems is also proposed. Finally, we evaluate the fusion method with alert streams from anomaly-based IDS.