Conceptual clustering in a first order logic representation
ECAI '92 Proceedings of the 10th European conference on Artificial intelligence
ACM SIGCOMM Computer Communication Review
State Transition Analysis: A Rule-Based Intrusion Detection Approach
IEEE Transactions on Software Engineering
Attribute-oriented induction in data mining
Advances in knowledge discovery and data mining
CACTUS—clustering categorical data using summaries
KDD '99 Proceedings of the fifth ACM SIGKDD international conference on Knowledge discovery and data mining
ACM Computing Surveys (CSUR)
Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
Intrusion detection
ROCK: a robust clustering algorithm for categorical attributes
Information Systems
A data mining analysis of RTID alarms
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
Generality-Based Conceptual Clustering with Probabilistic Concepts
IEEE Transactions on Pattern Analysis and Machine Intelligence
A framework for constructing features and models for intrusion detection systems
ACM Transactions on Information and System Security (TISSEC)
Applications of Data Mining in Computer Security
Applications of Data Mining in Computer Security
Discovery of Frequent Episodes in Event Sequences
Data Mining and Knowledge Discovery
Data Mining and Knowledge Discovery
Knowledge Acquisition Via Incremental Conceptual Clustering
Machine Learning
Criteria for Polynomial-Time (Conceptual) Clustering
Machine Learning
Data-Driven Discovery of Quantitative Rules in Relational Databases
IEEE Transactions on Knowledge and Data Engineering
Probabilistic Alert Correlation
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Aggregation and Correlation of Intrusion-Detection Alerts
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Mining Alarm Clusters to Improve Alarm Handling Efficiency
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Automated support for classifying software failure reports
Proceedings of the 25th International Conference on Software Engineering
Clustering intrusion detection alarms to support root cause analysis
ACM Transactions on Information and System Security (TISSEC)
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
I know my network: collaboration and expertise in intrusion detection
CSCW '04 Proceedings of the 2004 ACM conference on Computer supported cooperative work
Hypothesizing and reasoning about attacks missed by intrusion detection systems
ACM Transactions on Information and System Security (TISSEC)
Solving Vector Consensus with a Wormhole
IEEE Transactions on Parallel and Distributed Systems
Time series modeling for IDS alert management
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Visualizing network traffic for intrusion detection
DIS '06 Proceedings of the 6th conference on Designing Interactive systems
Factor-analysis based anomaly detection and clustering
Decision Support Systems
Improving the quality of alerts and predicting intruder's next goal with Hidden Colored Petri-Net
Computer Networks: The International Journal of Computer and Telecommunications Networking
Analysis of active intrusion prevention data for predicting hostile activity in computer networks
Communications of the ACM
Command line or pretty lines?: comparing textual and visual interfaces for intrusion detection
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Automatic discovery of relationships across multiple network layers
Proceedings of the 2007 SIGCOMM workshop on Internet network management
Information Assurance: Dependability and Security in Networked Systems
Information Assurance: Dependability and Security in Networked Systems
The challenges of using an intrusion detection system: is it worth the effort?
Proceedings of the 4th symposium on Usable privacy and security
Finding Corrupted Computers Using Imperfect Intrusion Prevention System Event Data
SAFECOMP '08 Proceedings of the 27th international conference on Computer Safety, Reliability, and Security
A decision support system for constructing an alert classification model
Expert Systems with Applications: An International Journal
Processing intrusion detection alert aggregates with time series modeling
Information Fusion
ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
Study of intrusion detection system based on improved BP neural networks
First International Workshop on Artificial Intelligence in Grid Computing
ECML PKDD '09 Proceedings of the European Conference on Machine Learning and Knowledge Discovery in Databases: Part II
An intelligent contextual support system for intrusion detection tasks
Proceedings of the Symposium on Computer Human Interaction for the Management of Information Technology
Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts
Computer Communications
Enabling customer relationship management in ISP services through mining usage patterns
Expert Systems with Applications: An International Journal
Data mining and machine learning-Towards reducing false positives in intrusion detection
Information Security Tech. Report
Filtering intrusion detection alarms
Cluster Computing
Information Sciences: an International Journal
On the use of different statistical tests for alert correlation: short paper
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Application of the pagerank algorithm to alarm graphs
ICICS'07 Proceedings of the 9th international conference on Information and communications security
Using unsupervised learning for network alert correlation
Canadian AI'08 Proceedings of the Canadian Society for computational studies of intelligence, 21st conference on Advances in artificial intelligence
Real-time classification of IDS alerts with data mining techniques
MILCOM'09 Proceedings of the 28th IEEE conference on Military communications
Intrusion detection and security policy framework for distributed environments
CTS'05 Proceedings of the 2005 international conference on Collaborative technologies and systems
Alert correlation in collaborative intelligent intrusion detection systems-A survey
Applied Soft Computing
Detecting, validating and characterizing computer infections in the wild
Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference
Weighted intra-transactional rule mining for database intrusion detection
PAKDD'06 Proceedings of the 10th Pacific-Asia conference on Advances in Knowledge Discovery and Data Mining
Classification of hidden network streams
DaWaK'06 Proceedings of the 8th international conference on Data Warehousing and Knowledge Discovery
Intrusion detection via analysis and modelling of user commands
DaWaK'05 Proceedings of the 7th international conference on Data Warehousing and Knowledge Discovery
Y-AOI: Y-means based attribute oriented induction identifying root cause for IDSs
FSKD'05 Proceedings of the Second international conference on Fuzzy Systems and Knowledge Discovery - Volume Part II
Probabilistic inference strategy in distributed intrusion detection systems
ISPA'04 Proceedings of the Second international conference on Parallel and Distributed Processing and Applications
An alert reasoning method for intrusion detection system using attribute oriented induction
ICOIN'05 Proceedings of the 2005 international conference on Information Networking: convergence in broadband and mobile networking
ADMA'05 Proceedings of the First international conference on Advanced Data Mining and Applications
IDS false alarm filtering using KNN classifier
WISA'04 Proceedings of the 5th international conference on Information Security Applications
User modelling for exclusion and anomaly detection: a behavioural intrusion detection system
UMAP'10 Proceedings of the 18th international conference on User Modeling, Adaptation, and Personalization
An efficient and unified approach to correlating, hypothesizing, and predicting intrusion alerts
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Actionable knowledge discovery and delivery
Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery
Event correlation for operations management of largescale IT systems
Proceedings of the 9th international conference on Autonomic computing
Exploratory mining over organisational communications data
AusDM '08 Proceedings of the 7th Australasian Data Mining Conference - Volume 87
Two-stage database intrusion detection by combining multiple evidence and belief update
Information Systems Frontiers
Survey A model-based survey of alert correlation techniques
Computer Networks: The International Journal of Computer and Telecommunications Networking
Alert correlation: Severe attack prediction and controlling false alarm rate tradeoffs
Intelligent Data Analysis
In response to attacks against enterprise networks, administrators increasingly deploy intrusion detection systems. These systems monitor hosts, networks, and other resources for signs of security violations. The use of intrusion detection has given rise to another difficult problem, namely the handling of a generally large number of alarms. In this paper, we mine historical alarms to learn how future alarms can be handled more efficiently. First, we investigate episode rules with respect to their suitability in this approach. We report the difficulties encountered and the unexpected insights gained. In addition, we introduce a new conceptual clustering technique, and use it in extensive experiments with real-world data to show that intrusion detection alarms can be handled efficiently by using previously mined knowledge.