ACM Computing Surveys (CSUR)
Intrusion detection systems and multisensor data fusion
Communications of the ACM
The 1999 DARPA off-line intrusion detection evaluation
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
ACM Transactions on Information and System Security (TISSEC)
Probabilistic Alert Correlation
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Alert Correlation in a Cooperative Intrusion Detection Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Validation of Sensor Alert Correlators
IEEE Security and Privacy
Managing Alerts in a Multi-Intrusion Detection Environment
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Clustering intrusion detection alarms to support root cause analysis
ACM Transactions on Information and System Security (TISSEC)
A Comprehensive Approach to Intrusion Detection Alert Correlation
IEEE Transactions on Dependable and Secure Computing
A mission-impact-based approach to INFOSEC alarm correlation
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Alarm clustering for intrusion detection systems in computer networks
MLDM'05 Proceedings of the 4th international conference on Machine Learning and Data Mining in Pattern Recognition
Signature-Based approach for intrusion detection
MLDM'05 Proceedings of the 4th international conference on Machine Learning and Data Mining in Pattern Recognition
A Bounded Index for Cluster Validity
MLDM '07 Proceedings of the 5th international conference on Machine Learning and Data Mining in Pattern Recognition
Improvement in intrusion detection with advances in sensor fusion
IEEE Transactions on Information Forensics and Security
Editorial: Recent advances in data mining
Engineering Applications of Artificial Intelligence
A knowledge-based architecture for distributed fault analysis in power networks
Engineering Applications of Artificial Intelligence
Alert correlation in collaborative intelligent intrusion detection systems-A survey
Applied Soft Computing
Inference of network anomaly propagation using spatio-temporal correlation
Journal of Network and Computer Applications
A comprehensive vulnerability based alert management approach for large networks
Future Generation Computer Systems
Review: An intrusion detection and prevention system in cloud computing: A systematic review
Journal of Network and Computer Applications
Network specific vulnerability based alert reduction approach
Security and Communication Networks
The use of artificial-intelligence-based ensembles for intrusion detection: a review
Applied Computational Intelligence and Soft Computing
| Hi-index | 0.00 |
Until recently, network administrators manually arranged alarms produced by intrusion detection systems (IDS) to attain a high-level description of cyberattacks. As the number of alarms is increasingly growing, automatic tools for alarm clustering have been proposed to provide such a high-level description of the attack scenarios. In addition, it has been shown that effective threat analysis requires the fusion of different sources of information, such as different IDS. This paper proposes a new strategy to perform alarm clustering which produces unified descriptions of attacks from alarms produced by multiple IDS. In order to be effective, the proposed alarm clustering system takes into account two characteristics of IDS: (i) for a given attack, different sensors may produce a number of alarms reporting different attack descriptions; and (ii) a certain attack description may be produced by the IDS in response to different types of attack. Experimental results show that the high-level alarms produced by the alarm clustering module effectively summarize the attacks, drastically reducing the volume of alarms presented to the administrator. In addition, these high-level alarms can be used as the base to perform further higher-level threat analysis.