Constructing attack scenarios through correlation of intrusion alerts
Proceedings of the 9th ACM conference on Computer and communications security
IDS Interoperability and Correlation Using IDMEF and Commodity Systems
ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
Mining intrusion detection alarms for actionable knowledge
Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
Alert aggregation in mobile ad hoc networks
WiSe '03 Proceedings of the 2nd ACM workshop on Wireless security
Incentive-based modeling and inference of attacker intent, objectives, and strategies
Proceedings of the 10th ACM conference on Computer and communications security
Learning attack strategies from intrusion alerts
Proceedings of the 10th ACM conference on Computer and communications security
Clustering intrusion detection alarms to support root cause analysis
ACM Transactions on Information and System Security (TISSEC)
Techniques and tools for analyzing intrusion alerts
ACM Transactions on Information and System Security (TISSEC)
VisFlowConnect: netflow visualizations of link relationships for security situational awareness
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
A Comprehensive Approach to Intrusion Detection Alert Correlation
IEEE Transactions on Dependable and Secure Computing
Hypothesizing and reasoning about attacks missed by intrusion detection systems
ACM Transactions on Information and System Security (TISSEC)
Incentive-based modeling and inference of attacker intent, objectives, and strategies
ACM Transactions on Information and System Security (TISSEC)
Solving Vector Consensus with a Wormhole
IEEE Transactions on Parallel and Distributed Systems
Time series modeling for IDS alert management
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
WI-IATW '06 Proceedings of the 2006 IEEE/WIC/ACM international conference on Web Intelligence and Intelligent Agent Technology
Modeling network intrusion detection alerts for correlation
ACM Transactions on Information and System Security (TISSEC)
Improving the quality of alerts and predicting intruder's next goal with Hidden Colored Petri-Net
Computer Networks: The International Journal of Computer and Telecommunications Networking
Privacy-preserving sharing and correction of security alerts
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Large-scale collection and sanitization of network security data: risks and challenges
NSPW '06 Proceedings of the 2006 workshop on New security paradigms
Diffusion and graph spectral methods for network forensic analysis
NSPW '06 Proceedings of the 2006 workshop on New security paradigms
Forensic analysis of logs: Modeling and verification
Knowledge-Based Systems
Immuno-inspired autonomic system for cyber defense
Information Security Tech. Report
Information Assurance: Dependability and Security in Networked Systems
Information Assurance: Dependability and Security in Networked Systems
Security against probe-response attacks in collaborative intrusion detection
Proceedings of the 2007 workshop on Large scale attack defense
Cooperation forensic computing research
Proceedings of the 1st international conference on Forensic applications and techniques in telecommunications, information, and multimedia and workshop
Classification of intrusion detection alerts using abstaining classifiers
Intelligent Data Analysis
Principled reasoning and practical applications of alert fusion in intrusion detection systems
Proceedings of the 2008 ACM symposium on Information, computer and communications security
A Graph Based Approach Toward Network Forensics Analysis
ACM Transactions on Information and System Security (TISSEC)
Finding Corrupted Computers Using Imperfect Intrusion Prevention System Event Data
SAFECOMP '08 Proceedings of the 27th international conference on Computer Safety, Reliability, and Security
A Multi-Sensor Model to Improve Automated Attack Detection
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Case-oriented alert correlation
WSEAS Transactions on Computers
Detecting low-profile scans in TCP anomaly event data
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Alert correlation survey: framework and techniques
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
An adaptive architecture of applying vulnerability analysis to IDS alerts
ICAIT '08 Proceedings of the 2008 International Conference on Advanced Infocomm Technology
A logic-based model to support alert correlation in intrusion detection
Information Fusion
Data fusion for improved situational understanding
Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
A Formal Approach for the Forensic Analysis of Logs
Proceedings of the 2006 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the fifth SoMeT_06
ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
Decentralized log event correlation architecture
Proceedings of the International Conference on Management of Emergent Digital EcoSystems
Description logics for an autonomic IDS event analysis system
Computer Communications
Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts
Computer Communications
Improvement in intrusion detection with advances in sensor fusion
IEEE Transactions on Information Forensics and Security
A dynamic fusion approach for security situation assessment
CNIS '07 Proceedings of the Fourth IASTED International Conference on Communication, Network and Information Security
Panacea: Automating Attack Classification for Anomaly-Based Network Intrusion Detection Systems
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Multilevel event correlation based on collaboration and temporal causal correlation
WiCOM'09 Proceedings of the 5th International Conference on Wireless communications, networking and mobile computing
Local area network anomaly detection using association rules mining
WiCOM'09 Proceedings of the 5th International Conference on Wireless communications, networking and mobile computing
Analyzing intensive intrusion alerts via correlation
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
A mission-impact-based approach to INFOSEC alarm correlation
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
M2D2: a formal data model for IDS alert correlation
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Evaluation of the diagnostic capabilities of commercial intrusion detection systems
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Towards identifying true threat from network security data
PAISI'07 Proceedings of the 2007 Pacific Asia conference on Intelligence and security informatics
PAISI'07 Proceedings of the 2007 Pacific Asia conference on Intelligence and security informatics
Mining attack correlation scenarios based on multi-agent system
Proceedings of the 2007 conference on Human interface: Part I
Intrusion-tolerant architectures: concepts and design
Architecting dependable systems
An ontology-based intrusion alerts correlation system
Expert Systems with Applications: An International Journal
Proposing a multi-touch interface for intrusion detection environments
Proceedings of the Seventh International Symposium on Visualization for Cyber Security
Picviz: finding a needle in a haystack
WASL'08 Proceedings of the First USENIX conference on Analysis of system logs
PRICAI'10 Proceedings of the 11th Pacific Rim international conference on Trends in artificial intelligence
NPSEC'05 Proceedings of the First international conference on Secure network protocols
IDS alert visualization and monitoring through heuristic host selection
ICICS'10 Proceedings of the 12th international conference on Information and communications security
Fusing intrusion data for detection and containment
MILCOM'03 Proceedings of the 2003 IEEE conference on Military communications - Volume II
A survey on IDS alerts processing techniques
ISP'07 Proceedings of the 6th WSEAS international conference on Information security and privacy
Computer Networks: The International Journal of Computer and Telecommunications Networking
Alert correlation in collaborative intelligent intrusion detection systems-A survey
Applied Soft Computing
A new alert correlation algorithm based on attack graph
CISIS'11 Proceedings of the 4th international conference on Computational intelligence in security for information systems
Journal of Network and Systems Management
Floguard: cost-aware systemwide intrusion defense via online forensics and on-demand IDS deployment
SAFECOMP'11 Proceedings of the 30th international conference on Computer safety, reliability, and security
Wireless Personal Communications: An International Journal
Detecting, validating and characterizing computer infections in the wild
Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference
Nexat: a history-based approach to predict attacker actions
Proceedings of the 27th Annual Computer Security Applications Conference
A design of network traffic analysis and monitoring system for early warning system
ISPA'06 Proceedings of the 2006 international conference on Frontiers of High Performance Computing and Networking
Requirements of information reductions for cooperating intrusion detection agents
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
An effective method for analyzing intrusion situation through IP-Based classification
ICCSA'05 Proceedings of the 2005 international conference on Computational Science and Its Applications - Volume Part II
Integrating IDS alert correlation and OS-Level dependency tracking
ISI'06 Proceedings of the 4th IEEE international conference on Intelligence and Security Informatics
Alert correlation analysis in intrusion detection
ADMA'06 Proceedings of the Second international conference on Advanced Data Mining and Applications
SVM based false alarm minimization scheme on intrusion prevention system
ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part V
Y-AOI: Y-means based attribute oriented induction identifying root cause for IDSs
FSKD'05 Proceedings of the Second international conference on Fuzzy Systems and Knowledge Discovery - Volume Part II
An alert reasoning method for intrusion detection system using attribute oriented induction
ICOIN'05 Proceedings of the 2005 international conference on Information Networking: convergence in broadband and mobile networking
Asynchronous alert correlation in multi-agent intrusion detection systems
MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security
An efficient and unified approach to correlating, hypothesizing, and predicting intrusion alerts
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
An efficient forensic evidence collection scheme of host infringement at the occurrence time
ICISC'06 Proceedings of the 9th international conference on Information Security and Cryptology
An alert data mining framework for network-based intrusion detection system
WISA'05 Proceedings of the 6th international conference on Information Security Applications
Processing flows of information: From data stream to complex event processing
ACM Computing Surveys (CSUR)
Multi-layer episode filtering for the multi-step attack detection
Computer Communications
CAFS: a novel lightweight cache-based scheme for large-scale intrusion alert fusion
Concurrency and Computation: Practice & Experience
An alert correlation platform for memory-supported techniques
Concurrency and Computation: Practice & Experience
Analyzing multiple logs for forensic evidence
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Inference in possibilistic network classifiers under uncertain observations
Annals of Mathematics and Artificial Intelligence
FuzMet: a fuzzy-logic based alert prioritization engine for intrusion detection systems
International Journal of Network Management
A comprehensive vulnerability based alert management approach for large networks
Future Generation Computer Systems
A lone wolf no more: supporting network intrusion detection with real-time intelligence
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
The use of artificial-intelligence-based ensembles for intrusion detection: a review
Applied Computational Intelligence and Soft Computing
A model-based survey of alert correlation techniques
Computer Networks: The International Journal of Computer and Telecommunications Networking
Adversarial attacks against intrusion detection systems: Taxonomy, solutions and open issues
Information Sciences: an International Journal
Shedding light on log correlation in network forensics analysis
DIMVA'12 Proceedings of the 9th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Event stream database based architecture to detect network intrusion: (industry article)
Proceedings of the 7th ACM international conference on Distributed event-based systems
Alert correlation: Severe attack prediction and controlling false alarm rate tradeoffs
Intelligent Data Analysis
This paper describes an aggregation and correlation algorithm used in the design and implementation of an intrusion-detection console built on top of the Tivoli Enterprise Console (TEC). The aggregation and correlation algorithm aims at acquiring intrusion-detection alerts and relating them together to expose a more condensed view of the security issues raised by intrusion-detection systems.