As complete prevention of computer attacks is not possible, intrusion detection systems (IDSs) play a very important role in minimizing the damage caused by different computer attacks. There are two intrusion detection methods, namely misuse-based and anomaly-based. A collaborative, intelligent intrusion detection system (CIIDS) is proposed to include both methods, since recent research concludes that the performance of an individual detection engine is rarely satisfactory. In particular, two main challenges in current collaborative intrusion detection systems (CIDSs) research are highlighted and reviewed: CIDS system architectures and alert correlation algorithms. Different CIDS system architectures are explained and compared. The use of CIDSs together with other multiple security systems raises certain issues and challenges in alert correlation. Several different techniques for alert correlation are discussed. The focus will be on correlation of CIIDS alerts. Computational intelligence approaches, together with their applications to IDSs, are reviewed. Methods in soft computing collectively provide understandable and autonomous solutions to IDS problems. At the end of the review, the paper suggests that fuzzy logic, soft computing and other AI techniques be exploited to reduce the rate of false alarms while keeping the detection rate high. In conclusion, the paper highlights opportunities for an integrated solution to large-scale CIIDS.