Aggregation and Correlation of Intrusion-Detection Alerts
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
An Application of Machine Learning to Network Intrusion Detection
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Gigascope: a stream database for network applications
Proceedings of the 2003 ACM SIGMOD international conference on Management of data
Enhancing byte-level network intrusion detection signatures with context
Proceedings of the 10th ACM conference on Computer and communications security
Naive Bayes vs decision trees in intrusion detection systems
Proceedings of the 2004 ACM symposium on Applied computing
Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet Episodes
IEEE Transactions on Dependable and Secure Computing
Conceptual Integration of Flow-Based and Packet-Based Network Intrusion Detection
AIMS '08 Proceedings of the 2nd international conference on Autonomous Infrastructure, Management and Security: Resilient Networks and Services
A hybrid intrusion detection system design for computer network security
Computers and Electrical Engineering
Accurate anomaly detection through parallelism
IEEE Network: The Magazine of Global Internetworking - Special issue title on recent developments in network intrusion detection
Outside the Closed World: On Using Machine Learning for Network Intrusion Detection
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Towards vulnerability-based intrusion detection with event processing
Proceedings of the 5th ACM international conference on Distributed event-based system
Processing flows of information: From data stream to complex event processing
ACM Computing Surveys (CSUR)
Anomaly Detection for Discrete Sequences: A Survey
IEEE Transactions on Knowledge and Data Engineering
SP 800-94. Guide to Intrusion Detection and Prevention Systems (IDPS)
SP 800-94. Guide to Intrusion Detection and Prevention Systems (IDPS)
An Overview of IP Flow-Based Intrusion Detection
IEEE Communications Surveys & Tutorials
| Hi-index | 0.00 |
This paper presents a novel network intrusion detection architecture built on a real-time streaming database platform. The architecture addresses both misuse and anomaly detection and is built to handle the high data volume, velocity and variety of traffic seen in enterprise networks through the use of in-memory stream processing. Traditional intrusion pattern detection systems look at the internal attributes of individual events to determine malicious intent; our architecture supports and extends that paradigm by adding the ability to detect both malicious and anomalous intrusion patterns in multi-step event sequences. The approach uses context based stream partitioning to minimize noise in input streams. The solution employs event labeling to reduce dimensionality and manage complexity of raw input streams. The architecture allows for aggregating alerts from an ensemble of detectors to provide a more reliable result by minimizing false positives. Furthermore, it allows domain experts to define high-level rules to filter trivial alerts. In this publication we will present the internals our architecture, its merits, along with a detailed description of our reference implementation.