The 1999 DARPA off-line intrusion detection evaluation
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
A requires/provides model for computer attacks
Proceedings of the 2000 workshop on New security paradigms
ACM Transactions on Information and System Security (TISSEC)
Mining intrusion detection alarms for actionable knowledge
Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
Validation of Sensor Alert Correlators
IEEE Security and Privacy
Techniques and tools for analyzing intrusion alerts
ACM Transactions on Information and System Security (TISSEC)
A Comprehensive Approach to Intrusion Detection Alert Correlation
IEEE Transactions on Dependable and Secure Computing
Time series modeling for IDS alert management
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Modern Applied Statistics with S
Modern Applied Statistics with S
Analyzing TCP traffic patterns using self organizing maps
ICIAP'05 Proceedings of the 13th international conference on Image Analysis and Processing
Detecting, validating and characterizing computer infections in the wild
Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference
| Hi-index | 0.00 |
In this paper we analyze the use of different types of statistical tests for the correlation of anomaly detection alerts. We show that the Granger Causality Test, one of the few proposals that can be extended to the anomaly detection domain, strongly depends on good choices of a parameter which proves to be both sensitive and difficult to estimate. We propose a different approach based on a set of simpler statistical tests, and we prove that our criteria work well on a simplified correlation task, without requiring complex configuration parameters.