The objective of this research is to present an analytical intrusion detection framework (AIDF) comprising (i) a probability model discovery approach and (ii) a probabilistic inference mechanism for generating the most probable forensic explanation, based not only on the observed intrusion detection alerts but also on the unreported signature rules revealed by the probability model. The significance of the proposed probabilistic inference is its ability to integrate alert information available from IDS sensors distributed across subnets. We choose the open source Snort to illustrate its feasibility and demonstrate the inference process applied to the intrusion detection alerts produced by Snort. Through a preliminary experimental study, we illustrate the applicability of AIDF to information integration and the realization of (i) a distributed IDS environment comprising multiple sensors and (ii) a mechanism for selecting and integrating the probabilistic inference results from multiple models to compose the most probable forensic explanation.