Matrix computations (3rd ed.)
A requires/provides model for computer attacks
Proceedings of the 2000 workshop on New security paradigms
Practical automated detection of stealthy portscans
Journal of Computer Security
Probabilistic Alert Correlation
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Managing Alerts in a Multi-Intrusion Detection Environment
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Techniques and tools for analyzing intrusion alerts
ACM Transactions on Information and System Security (TISSEC)
Diagnosing network-wide traffic anomalies
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Hypothesizing and reasoning about attacks missed by intrusion detection systems
ACM Transactions on Information and System Security (TISSEC)
Managing Cyber Threats: Issues, Approaches, and Challenges (Massive Computing)
Managing Cyber Threats: Issues, Approaches, and Challenges (Massive Computing)
Mining anomalies using traffic feature distributions
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Pattern Recognition and Machine Learning (Information Science and Statistics)
Pattern Recognition and Machine Learning (Information Science and Statistics)
Understanding multistage attacks by attack-track based visualization of heterogeneous event streams
Proceedings of the 3rd international workshop on Visualization for computer security
A scalable approach to attack graph generation
Proceedings of the 13th ACM conference on Computer and communications security
MulVAL: a logic-based network security analyzer
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
An overview of anomaly detection techniques: Existing solutions and latest technological trends
Computer Networks: The International Journal of Computer and Telecommunications Networking
Processing of massive audit data streams for real-time anomaly intrusion detection
Computer Communications
| Hi-index | 0.00 |
Stealthy, goal-oriented multistage attacks are difficult to detect since they often consist of specific attack steps that do not cause significant variations in the statistical distributions of data streams. We present an approach for attack scenario detection and recognition that is based on analyzing data streams from multiple heterogeneous sensors. Events captured from these sensors are used to generate high-dimensional state vectors that characterize overall system-wide activity. Monitoring the time series of these state vectors through Principal Component Analysis forms the basis of an anomaly detection technique for real-time scenario detection. Data traffic from a real network that emulates a military intelligence network is used to test and validate this approach. Results indicate that our approach is both effective and has low computational requirements, making it a candidate for practical implementation.