Managing and supervising security in large networks has become a challenging task, as new threats and flaws are discovered on a daily basis. This requires in-depth and up-to-date knowledge of the context in which security-related events occur. Several tools have been proposed to support security operators in this task, each of which focuses on some specific aspects of the monitoring. Many alarm fusion and correlation approaches have also been investigated. However, most of these approaches suffer from two major drawbacks. First, they only take advantage of the information found in alerts, which is not sufficient to achieve the goals of alert correlation, that is, to reduce the overall number of alerts while enhancing their semantics. Second, these techniques have been designed on an ad hoc basis and lack a shared data model that would allow them to reason about events in a cooperative way. In this paper, we propose a federative data model for security systems to query and assert knowledge about security incidents and the context in which they occur. This model constitutes a consistent and formal ground for representing the information required to reason about complementary evidence, in order to confirm or invalidate alerts raised by intrusion detection systems.