We describe a mission-impact-based approach to the analysis of security alerts produced by spatially distributed, heterogeneous information security (INFOSEC) devices such as firewalls, intrusion detection systems, authentication services, and antivirus software. The intent of this work is to deliver an automated capability that reduces the time and cost of managing multiple INFOSEC devices through a strategy of topology analysis, alert prioritization, and common-attribute-based alert aggregation. Our efforts to date have led to the development of a prototype system called the EMERALD Mission Impact Intrusion Report Correlation System, or M-Correlator. M-Correlator is intended to provide analysts at all experience levels with a powerful capability to automatically fuse INFOSEC alerts and isolate those that represent the greatest threat to the health and security of their networks.
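To make the three-part strategy concrete, here is an added illustration of topology analysis, mission-impact prioritization, and common-attribute aggregation over alerts from several sensor types. This is example code written for this page, not M-Correlator's implementation or its scoring model: the topology table, the criticality and severity weights, the five-minute merge window, and the sample alerts are all constructed assumptions.

```python
"""Toy mission-impact-based alert fusion (illustrative; not M-Correlator code).

Three stages, mirroring the abstract:
  1. topology analysis  - is the alert even relevant to the real network?
  2. prioritization     - how much does a hit on this target matter to the mission?
  3. aggregation        - merge alerts from different sensors that share attributes.
All weights and the inventory below are assumptions chosen for the demo.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Set, Tuple


@dataclass
class Alert:
    sensor: str            # e.g. "snort", "firewall", "av"
    ts: datetime
    src: str
    dst: str
    dport: Optional[int]
    attack_class: str      # normalized across sensors: "probe", "exploit", ...


# Constructed asset inventory: listening ports and mission criticality (0..1).
TOPOLOGY = {
    "10.0.0.5": {"ports": {80, 443}, "criticality": 0.9, "role": "web-frontend"},
    "10.0.0.9": {"ports": {22}, "criticality": 0.3, "role": "dev-box"},
}

# Assumed per-class severity weights (0..1).
CLASS_SEVERITY = {"probe": 0.2, "auth-failure": 0.4, "exploit": 0.8, "malware": 0.9}


def relevance(alert: Alert) -> float:
    """Topology analysis: 0 if the target is not in inventory, 1 if it hits a
    live service, 0.2 (assumed) if the targeted port is closed on a known host."""
    host = TOPOLOGY.get(alert.dst)
    if host is None:
        return 0.0
    if alert.dport is None or alert.dport in host["ports"]:
        return 1.0
    return 0.2


def priority(alert: Alert) -> float:
    """Mission impact: attack-class severity scaled by target criticality."""
    crit = TOPOLOGY.get(alert.dst, {}).get("criticality", 0.1)
    return CLASS_SEVERITY.get(alert.attack_class, 0.5) * crit


def score(alert: Alert) -> float:
    return relevance(alert) * priority(alert)


@dataclass
class Incident:
    key: Tuple[str, str, str]   # (src, dst, attack_class) shared by all members
    alerts: List[Alert]
    first: datetime
    last: datetime
    score: float
    sensors: Set[str]


def aggregate(alerts: List[Alert], window: timedelta = timedelta(minutes=5)) -> List[Incident]:
    """Common-attribute aggregation: alerts with the same (src, dst, class) that
    arrive within `window` of an incident's last alert join that incident.
    Incidents are returned highest score first."""
    incidents: List[Incident] = []
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.src, a.dst, a.attack_class)
        for inc in incidents:
            if inc.key == key and a.ts - inc.last <= window:
                inc.alerts.append(a)
                inc.last = a.ts
                inc.sensors.add(a.sensor)
                inc.score = max(inc.score, score(a))
                break
        else:
            incidents.append(Incident(key, [a], a.ts, a.ts, score(a), {a.sensor}))
    return sorted(incidents, key=lambda i: i.score, reverse=True)


def build_sample_alerts() -> List[Alert]:
    """Constructed sensor output for the demo (not captured traffic)."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    alerts = [  # 40 scanner probes against the live web frontend, 3 s apart
        Alert("snort", t0 + timedelta(seconds=3 * i), "203.0.113.7", "10.0.0.5", 80, "probe")
        for i in range(40)
    ]
    # One exploit attempt seen by two sensors: Snort and the border firewall
    alerts.append(Alert("snort", t0 + timedelta(minutes=1), "198.51.100.4", "10.0.0.5", 443, "exploit"))
    alerts.append(Alert("firewall", t0 + timedelta(minutes=1, seconds=2), "198.51.100.4", "10.0.0.5", 443, "exploit"))
    # Exploit aimed at an address with no host in inventory
    alerts.append(Alert("snort", t0 + timedelta(minutes=2), "198.51.100.4", "10.0.0.77", 445, "exploit"))
    # Exploit aimed at a closed port on a low-criticality dev box
    alerts.append(Alert("snort", t0 + timedelta(minutes=3), "198.51.100.4", "10.0.0.9", 445, "exploit"))
    return alerts


def fuse_sample() -> List[Incident]:
    return aggregate(build_sample_alerts())


if __name__ == "__main__":
    for inc in fuse_sample():
        print(f"{inc.score:.2f} {inc.key} n={len(inc.alerts)} sensors={sorted(inc.sensors)}")
```

Forty-four raw alerts collapse to four incidents. The two-sensor exploit against the live web frontend ranks first; the 40 probes against the same host become one low-priority incident; the exploit against an address not in inventory scores zero because topology analysis finds no target; and the attempt on a closed port of a low-value host sits just above it. The ranking depends entirely on the inventory being accurate, which is the practical cost of any topology-driven scheme.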