ACARM-ng is an extensible, plug-in-based alert correlation framework. It introduces abstractions over correlation, reporting, reaction, data storage and the gathering of data from multiple sources. ACARM-ng supports real-time reporting, meaning that alerts can be reported while they are still being correlated. A Web User Interface is provided for the administrator, presenting the gathered and correlated data in a consistent way. The system makes use of multi-core architectures and is written in C++.