Intrusion detection: introduction to intrusion detection and security information management

Authors:
Hervé Debar;Jouni Viinikka
Affiliations:
France Télécom Division R&D, Caen Cedex 4;France Télécom Division R&D, Caen Cedex 4
Venue:
Foundations of Security Analysis and Design III
Year:
2005

Citing 11
Cited 2

An Intrusion-Detection Model

IEEE Transactions on Software Engineering - Special issue on computer security and privacy
A fast string searching algorithm

Communications of the ACM
Programming Techniques: Regular expression search algorithm

Communications of the ACM
An analysis of using reflectors for distributed denial-of-service attacks

ACM SIGCOMM Computer Communication Review
Mining Alarm Clusters to Improve Alarm Handling Efficiency

ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Detecting stepping stones

SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Network intrusion detection: evasion, traffic normalization, and end-to-end protocol semantics

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
A mission-impact-based approach to INFOSEC alarm correlation

RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
M2D2: a formal data model for IDS alert correlation

RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Evaluation of the diagnostic capabilities of commercial intrusion detection systems

RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection

Intrusion Detection Method Using Neural Networks Based on the Reduction of Characteristics

IWANN '09 Proceedings of the 10th International Work-Conference on Artificial Neural Networks: Part I: Bio-Inspired Systems: Computational and Ambient Intelligence
A novel approach for protection of confidential web contents

ECC'11 Proceedings of the 5th European conference on European computing conference

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper covers intrusion detection and security information management technologies. It presents a primer on intrusion detection, focusing on data sources and analysis techniques. Data sources presented therein are classified according to the capture mechanism and we include an evaluation of the accuracy of these data sources. Analysis techniques are classified into misuse detection, using the explicit body of knowledge about security attacks to generate alerts, and anomaly detection, where the safe or normal operation of the monitored information system is described and alerts generated for anything that does not belong to that model. It then describes security information management and alert correlation technologies that are in use today. We particularly describe statistical modeling of alert flows and explicit correlation between alert information and vulnerability assessment information.