On network-aware clustering of Web clients
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Packet types: abstract specification of network protocol messages
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
ASN.1: communication between heterogeneous systems
ASN.1: communication between heterogeneous systems
DataScript - A Specification and Scripting Language for Binary Data
GPCE '02 Proceedings of the 1st ACM SIGPLAN/SIGSOFT conference on Generative Programming and Component Engineering
Hancock: A language for analyzing transactional data streams
ACM Transactions on Programming Languages and Systems (TOPLAS)
StreaMon: an adaptive engine for stream query processing
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
PADS: a domain-specific language for processing ad hoc data
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Operator placement for in-network stream query processing
Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Continuous query processing in data streams using duality of data and queries
Proceedings of the 2006 ACM SIGMOD international conference on Management of data
Adaptable Parsing of Real-Time Data Streams
PDP '07 Proceedings of the 15th Euromicro International Conference on Parallel, Distributed and Network-Based Processing
Operator scheduling in a data stream manager
VLDB '03 Proceedings of the 29th international conference on Very large data bases - Volume 29
Intrusion-tolerant architectures: concepts and design
Architecting dependable systems
Reconfigurable context-free grammar based data processing hardware with error recovery
IPDPS'06 Proceedings of the 20th international conference on Parallel and distributed processing
| Hi-index | 0.00 |
Intrusion Detection Systems (IDSs) are one of the most adopted technologies when facing the issue of computer security. Regrettably, current solutions are far from perfect: i) either they produce a large number of false positives or they detect only known attacks; ii) they do not scale as the monitored infrastructure grows in terms of number of components and of exchanged data. Correlation of attack symptoms from diverse information sources has been proven to be an effective approach. In this paper, we propose an IDS solution which correlates information from diverse sources for improved performance, i.e. achieving high detection while reducing false positives. We discuss the key issues that result from adopting correlation of data coming from multiple sources and present the conceptual architecture that has been drown in the PHDS ("A Middleware Infrastructure for Real-Time Processing of Heterogeneous Data Streams") project to face such issues in a Security and Safety domain. We also present technological choices taken to implement such an architecture.