ACARM-ng: next generation correlation framework

Authors:
Bart$#322/omiej Balcerek;Bartosz Szurgot;Mariusz Uchro$#324/ski;Wojciech Waga
Affiliations:
WCSS, Wroc$#322/aw University of Technology, Wroc$#322/aw, Poland;WCSS, Wroc$#322/aw University of Technology, Wroc$#322/aw, Poland;WCSS, Wroc$#322/aw University of Technology, Wroc$#322/aw, Poland;WCSS, Wroc$#322/aw University of Technology, Wroc$#322/aw, Poland
Venue:
Building a National Distributed e-Infrastructure - PL-Grid
Year:
2012

Citing 3
Cited 3

Alert Correlation in a Cooperative Intrusion Detection Framework

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
A Comprehensive Approach to Intrusion Detection Alert Correlation

IEEE Transactions on Dependable and Secure Computing
Analyzing intensive intrusion alerts via correlation

RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection

SARA --- system for inventory and static security control in a grid infrastructure

Building a National Distributed e-Infrastructure - PL-Grid
Security best practices: applying defense-in-depth strategy to protect the NGI_PL

Building a National Distributed e-Infrastructure - PL-Grid
A toolkit for storage qos provisioning for data-intensive applications

Building a National Distributed e-Infrastructure - PL-Grid

Quantified Score

Hi-index	0.00

Visualization

Abstract

ACARM-ng is an extensible, plug-in-based alert correlation framework. It introduces abstractions over correlation, reporting, reaction, gathering data from multiple sources and data storage. ACARM-ng supports real-time reporting, meaning that alerts can be reported while still being correlated. For an administrator, a Web User Interface is provided, to present gathered and correlated data in a consistent way. The system makes use of multi-core architectures and is written in C++.