Probabilistic reasoning in intelligent systems: networks of plausible inference
Adaptive, Model-Based Monitoring for Cyber Attack Detection
RAID '00 Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection
Constructing attack scenarios through correlation of intrusion alerts
Proceedings of the 9th ACM conference on Computer and communications security
IDS Interoperability and Correlation Using IDMEF and Commodity Systems
ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
Mining intrusion detection alarms for actionable knowledge
Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
Two Formal Analyses of Attack Graphs
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Alert aggregation in mobile ad hoc networks
WiSe '03 Proceedings of the 2nd ACM workshop on Wireless security
Learning attack strategies from intrusion alerts
Proceedings of the 10th ACM conference on Computer and communications security
Clustering intrusion detection alarms to support root cause analysis
ACM Transactions on Information and System Security (TISSEC)
Techniques and tools for analyzing intrusion alerts
ACM Transactions on Information and System Security (TISSEC)
Coordinated internet attacks: responding to attack complexity
Journal of Computer Security
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
A Comprehensive Approach to Intrusion Detection Alert Correlation
IEEE Transactions on Dependable and Secure Computing
Hypothesizing and reasoning about attacks missed by intrusion detection systems
ACM Transactions on Information and System Security (TISSEC)
Time series modeling for IDS alert management
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Modeling network intrusion detection alerts for correlation
ACM Transactions on Information and System Security (TISSEC)
Improving the quality of alerts and predicting intruder's next goal with Hidden Colored Petri-Net
Computer Networks: The International Journal of Computer and Telecommunications Networking
Privacy-preserving sharing and correction of security alerts
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Large-scale collection and sanitization of network security data: risks and challenges
NSPW '06 Proceedings of the 2006 workshop on New security paradigms
Diffusion and graph spectral methods for network forensic analysis
NSPW '06 Proceedings of the 2006 workshop on New security paradigms
Forensic analysis of logs: Modeling and verification
Knowledge-Based Systems
Automatic discovery of relationships across multiple network layers
Proceedings of the 2007 SIGCOMM workshop on Internet network management
Information Assurance: Dependability and Security in Networked Systems
Coalitions of malicious intelligent agents
International Journal of Web Engineering and Technology
BotHunter: detecting malware infection through IDS-driven dialog correlation
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Classification of intrusion detection alerts using abstaining classifiers
Intelligent Data Analysis
A vulnerability-driven approach to active alert verification
ICCOM'05 Proceedings of the 9th WSEAS International Conference on Communications
Two alternatives for handling preferences in qualitative choice logic
Fuzzy Sets and Systems
An adaptive automatically tuning intrusion detection system
ACM Transactions on Autonomous and Adaptive Systems (TAAS)
A Graph Based Approach Toward Network Forensics Analysis
ACM Transactions on Information and System Security (TISSEC)
Discovering Novel Multistage Attack Strategies
ADMA '07 Proceedings of the 3rd international conference on Advanced Data Mining and Applications
Finding Corrupted Computers Using Imperfect Intrusion Prevention System Event Data
SAFECOMP '08 Proceedings of the 27th international conference on Computer Safety, Reliability, and Security
Case-oriented alert correlation
WSEAS Transactions on Computers
Intrusion detection alarms reduction using root cause analysis and clustering
Computer Communications
Alert correlation survey: framework and techniques
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Data Mining for Intrusion Detection: From Outliers to True Intrusions
PAKDD '09 Proceedings of the 13th Pacific-Asia Conference on Advances in Knowledge Discovery and Data Mining
A decision support system for constructing an alert classification model
Expert Systems with Applications: An International Journal
A logic-based model to support alert correlation in intrusion detection
Information Fusion
Processing intrusion detection alert aggregates with time series modeling
Information Fusion
A Formal Approach for the Forensic Analysis of Logs
Proceedings of the 2006 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the fifth SoMeT_06
Real-time alert correlation using stream data mining techniques
IAAI'08 Proceedings of the 20th national conference on Innovative applications of artificial intelligence - Volume 3
ACM Transactions on Autonomous and Adaptive Systems (TAAS)
TRINETR: An architecture for collaborative intrusion detection and knowledge-based alert evaluation
Advanced Engineering Informatics
Description logics for an autonomic IDS event analysis system
Computer Communications
Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts
Computer Communications
Alert correlation by a retrospective method
ICOIN'09 Proceedings of the 23rd international conference on Information Networking
Alarm clustering for intrusion detection systems in computer networks
Engineering Applications of Artificial Intelligence
An overview of network evasion methods
Information Security Tech. Report
WiCOM'09 Proceedings of the 5th International Conference on Wireless communications, networking and mobile computing
Analyzing intensive intrusion alerts via correlation
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
A mission-impact-based approach to INFOSEC alarm correlation
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Towards identifying true threat from network security data
PAISI'07 Proceedings of the 2007 Pacific Asia conference on Intelligence and security informatics
Applying data mining techniques to analyze alert data
APWeb'03 Proceedings of the 5th Asia-Pacific web conference on Web technologies and applications
Mining attack correlation scenarios based on multi-agent system
Proceedings of the 2007 conference on Human interface: Part I
Using unsupervised learning for network alert correlation
Canadian AI'08 Proceedings of the Canadian Society for computational studies of intelligence, 21st conference on Advances in artificial intelligence
An ontology-based intrusion alerts correlation system
Expert Systems with Applications: An International Journal
Proposing a multi-touch interface for intrusion detection environments
Proceedings of the Seventh International Symposium on Visualization for Cyber Security
Malware characterization through alert pattern discovery
LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
Attack scenario recognition through heterogeneous event stream analysis
MILCOM'09 Proceedings of the 28th IEEE conference on Military communications
An online adaptive approach to alert correlation
DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
Automatic discovery of parasitic malware
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Community epidemic detection using time-correlated anomalies
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
NPSEC'05 Proceedings of the First international conference on Secure network protocols
A distributed and privacy-preserving method for network intrusion detection
OTM'10 Proceedings of the 2010 international conference on On the move to meaningful internet systems: Part II
Fusing intrusion data for detection and containment
MILCOM'03 Proceedings of the 2003 IEEE conference on Military communications - Volume II
A survey on IDS alerts processing techniques
ISP'07 Proceedings of the 6th WSEAS international conference on Information security and privacy
Computer Networks: The International Journal of Computer and Telecommunications Networking
Alert correlation in collaborative intelligent intrusion detection systems-A survey
Applied Soft Computing
A new alert correlation algorithm based on attack graph
CISIS'11 Proceedings of the 4th international conference on Computational intelligence in security for information systems
Security alert correlation using growing neural gas
CISIS'11 Proceedings of the 4th international conference on Computational intelligence in security for information systems
Journal of Network and Systems Management
Scalable analysis of attack scenarios
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Proceedings of the 4th ACM workshop on Security and artificial intelligence
Detecting, validating and characterizing computer infections in the wild
Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference
Requirements of information reductions for cooperating intrusion detection agents
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
A new data fusion model of intrusion Detection-IDSFP
ISPA'05 Proceedings of the Third international conference on Parallel and Distributed Processing and Applications
D-S evidence theory and its data fusion application in intrusion detection
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
Attack scenario construction based on rule and fuzzy clustering
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
An effective method for analyzing intrusion situation through IP-Based classification
ICCSA'05 Proceedings of the 2005 international conference on Computational Science and Its Applications - Volume Part II
Integrating IDS alert correlation and OS-Level dependency tracking
ISI'06 Proceedings of the 4th IEEE international conference on Intelligence and Security Informatics
Alert correlation analysis in intrusion detection
ADMA'06 Proceedings of the Second international conference on Advanced Data Mining and Applications
Y-AOI: Y-means based attribute oriented induction identifying root cause for IDSs
FSKD'05 Proceedings of the Second international conference on Fuzzy Systems and Knowledge Discovery - Volume Part II
An alert reasoning method for intrusion detection system using attribute oriented induction
ICOIN'05 Proceedings of the 2005 international conference on Information Networking: convergence in broadband and mobile networking
IDS false alarm reduction using continuous and discontinuous patterns
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Alarm clustering for intrusion detection systems in computer networks
MLDM'05 Proceedings of the 4th international conference on Machine Learning and Data Mining in Pattern Recognition
Conceptual analysis of intrusion alarms
ICIAP'05 Proceedings of the 13th international conference on Image Analysis and Processing
Behavioral distance for intrusion detection
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Asynchronous alert correlation in multi-agent intrusion detection systems
MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security
An efficient and unified approach to correlating, hypothesizing, and predicting intrusion alerts
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
An alert data mining framework for network-based intrusion detection system
WISA'05 Proceedings of the 6th international conference on Information Security Applications
CAFS: a novel lightweight cache-based scheme for large-scale intrusion alert fusion
Concurrency and Computation: Practice & Experience
An alert correlation platform for memory-supported techniques
Concurrency and Computation: Practice & Experience
Analyzing multiple logs for forensic evidence
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Forensic feature extraction and cross-drive analysis
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Alert correlation using artificial immune recognition system
International Journal of Bio-Inspired Computation
FuzMet: a fuzzy-logic based alert prioritization engine for intrusion detection systems
International Journal of Network Management
A comprehensive vulnerability based alert management approach for large networks
Future Generation Computer Systems
A lone wolf no more: supporting network intrusion detection with real-time intelligence
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
Limitation of honeypot/honeynet databases to enhance alert correlation
MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
Network specific vulnerability based alert reduction approach
Security and Communication Networks
Securing data warehouses from web-based intrusions
WISE'12 Proceedings of the 13th international conference on Web Information Systems Engineering
Mobile Agent Based Network Defense System in Enterprise Network
International Journal of Handheld Computing Research
A model-based survey of alert correlation techniques
Computer Networks: The International Journal of Computer and Telecommunications Networking
Note: One-round multi-party communication complexity of distinguishing sums
Theoretical Computer Science
Human perspective to anomaly detection for cybersecurity
Journal of Intelligent Information Systems
Alert correlation: Severe attack prediction and controlling false alarm rate tradeoffs
Intelligent Data Analysis
With the growing deployment of host and network intrusion detection systems, managing reports from these systems becomes critically important. We present a probabilistic approach to alert correlation, extending ideas from multisensor data fusion. Features used for alert correlation are based on alert content that anticipates evolving IETF standards. The probabilistic approach provides a unified mathematical framework for correlating alerts that match closely but not perfectly, where the minimum degree of match required to fuse alerts is controlled by a single configurable parameter. Only features in common are considered in the fusion algorithm. For each feature we define an appropriate similarity function. The overall similarity is weighted by a specifiable expectation of similarity. In addition, a minimum similarity may be specified for some or all features. Features in this set must match at least as well as the minimum similarity specification in order to combine alerts, regardless of the goodness of match on the feature set as a whole. Our approach correlates attacks over time, correlates reports from heterogeneous sensors, and correlates multiple attack steps.
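As an added illustration (not code from the paper or its authors), a minimal Python sketch of the fusion rule the abstract describes: per-feature similarity functions, an expectation-weighted overall similarity computed only over the features two alerts have in common, a per-feature minimum-similarity gate, and a single threshold controlling the minimum degree of match. The similarity heuristics, weights, gate values and sample alerts are constructed assumptions.

```python
# Added illustration of the abstract's fusion rule; similarity functions, weights,
# gates and alerts are constructed assumptions, not the paper's code.
def sim_exact(a, b):
    return 1.0 if a == b else 0.0
def sim_ip(a, b):
    """Fraction of leading IPv4 octets shared (assumed heuristic, 0..1)."""
    return next((i for i, (x, y) in enumerate(zip(a.split("."), b.split("."))) if x != y), 4) / 4.0
def sim_time(t1, t2, window=600.0):
    """Linear decay to 0 once timestamps are `window` seconds apart."""
    return max(0.0, 1.0 - abs(t1 - t2) / window)

SIMILARITY = {"src_ip": sim_ip, "dst_ip": sim_ip, "dst_port": sim_exact,
              "attack_class": sim_exact, "time": sim_time}

def overall_similarity(a, b, expectation, minimum):
    """Weighted similarity over shared features; a feature below its `minimum` floor vetoes fusion."""
    common = [f for f in a if f in b and f in SIMILARITY]
    if not common:
        return 0.0
    num = den = 0.0
    for f in common:
        s = SIMILARITY[f](a[f], b[f])
        if s < minimum.get(f, 0.0):
            return 0.0  # gate: this feature must match at least this well, whatever the rest scores
        num += expectation.get(f, 1.0) * s
        den += expectation.get(f, 1.0)
    return num / den

def correlate(alerts, expectation, minimum, threshold):
    """Greedy fusion: an alert joins the first thread whose head matches >= threshold."""
    threads = []
    for alert in alerts:
        for thread in threads:
            if overall_similarity(thread[0], alert, expectation, minimum) >= threshold:
                thread.append(alert)
                break
        else:
            threads.append([alert])
    return threads

# Constructed alerts: network and host sensors report one brute-force source; the
# host alert lacks dst_port, so only the features in common are compared.
ALERTS = [
    {"src_ip": "10.0.0.5", "dst_ip": "192.168.1.10", "dst_port": 22, "attack_class": "ssh_bruteforce", "time": 0.0},
    {"src_ip": "10.0.0.5", "dst_ip": "192.168.1.10", "attack_class": "ssh_bruteforce", "time": 120.0},
    {"src_ip": "10.0.0.5", "dst_ip": "192.168.1.20", "dst_port": 80, "attack_class": "web_scan", "time": 130.0},
    {"src_ip": "172.16.0.9", "dst_ip": "192.168.1.10", "dst_port": 22, "attack_class": "ssh_bruteforce", "time": 60.0},
]
EXPECTATION = {"src_ip": 3.0, "dst_ip": 2.0, "dst_port": 1.0, "attack_class": 2.0, "time": 1.0}
MINIMUM = {"src_ip": 0.5}  # gate: sources must share at least two leading octets
```

With the threshold at 0.75 the two brute-force reports fuse into one thread while the web scan and the second source stay separate; lowering it to 0.5 also pulls the web scan into the first thread, and the fourth alert is kept apart by the source-address gate regardless of threshold.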