Scalable, graph-based network vulnerability analysis
Proceedings of the 9th ACM conference on Computer and communications security
Constructing attack scenarios through correlation of intrusion alerts
Proceedings of the 9th ACM conference on Computer and communications security
IDS Interoperability and Correlation Using IDMEF and Commodity Systems
ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
Internet intrusions: global characteristics and prevalence
SIGMETRICS '03 Proceedings of the 2003 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Alert aggregation in mobile ad hoc networks
WiSe '03 Proceedings of the 2nd ACM workshop on Wireless security
Incentive-based modeling and inference of attacker intent, objectives, and strategies
Proceedings of the 10th ACM conference on Computer and communications security
Learning attack strategies from intrusion alerts
Proceedings of the 10th ACM conference on Computer and communications security
Clustering intrusion detection alarms to support root cause analysis
ACM Transactions on Information and System Security (TISSEC)
Techniques and tools for analyzing intrusion alerts
ACM Transactions on Information and System Security (TISSEC)
VisFlowConnect: netflow visualizations of link relationships for security situational awareness
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Managing attack graph complexity through visual hierarchical aggregation
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
A Comprehensive Approach to Intrusion Detection Alert Correlation
IEEE Transactions on Dependable and Secure Computing
Hypothesizing and reasoning about attacks missed by intrusion detection systems
ACM Transactions on Information and System Security (TISSEC)
Incentive-based modeling and inference of attacker intent, objectives, and strategies
ACM Transactions on Information and System Security (TISSEC)
Data warehousing and data mining techniques for intrusion detection systems
Distributed and Parallel Databases
Alert confidence fusion in intrusion detection systems with extended Dempster-Shafer theory
Proceedings of the 43rd annual Southeast regional conference - Volume 2
Modeling network intrusion detection alerts for correlation
ACM Transactions on Information and System Security (TISSEC)
Improving the quality of alerts and predicting intruder's next goal with Hidden Colored Petri-Net
Computer Networks: The International Journal of Computer and Telecommunications Networking
Collaborating against common enemies
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
MulVAL: a logic-based network security analyzer
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet Episodes
IEEE Transactions on Dependable and Secure Computing
Forensic analysis of logs: Modeling and verification
Knowledge-Based Systems
Information Assurance: Dependability and Security in Networked Systems
Information Assurance: Dependability and Security in Networked Systems
Coalitions of malicious intelligent agents
International Journal of Web Engineering and Technology
BotHunter: detecting malware infection through IDS-driven dialog correlation
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Principled reasoning and practical applications of alert fusion in intrusion detection systems
Proceedings of the 2008 ACM symposium on Information, computer and communications security
A vulnerability-driven approach to active alert verification
ICCOM'05 Proceedings of the 9th WSEAS International Conference on Communications
Two alternatives for handling preferences in qualitative choice logic
Fuzzy Sets and Systems
Implementing interactive analysis of attack graphs using relational databases
Journal of Computer Security - 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec'06)
A Graph Based Approach Toward Network Forensics Analysis
ACM Transactions on Information and System Security (TISSEC)
REFACING: An autonomic approach to network security based on multidimensional trustworthiness
Computer Networks: The International Journal of Computer and Telecommunications Networking
Automatic classification of security messages based on text categorization
NOTERE '08 Proceedings of the 8th international conference on New technologies in distributed systems
Modeling of information system correlated events time dependencies
NOTERE '08 Proceedings of the 8th international conference on New technologies in distributed systems
Discovering Novel Multistage Attack Strategies
ADMA '07 Proceedings of the 3rd international conference on Advanced Data Mining and Applications
Finding Corrupted Computers Using Imperfect Intrusion Prevention System Event Data
SAFECOMP '08 Proceedings of the 27th international conference on Computer Safety, Reliability, and Security
A Multi-Sensor Model to Improve Automated Attack Detection
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Case-oriented alert correlation
WSEAS Transactions on Computers
Active Diagnosis of High-Level Faults in Distributed Internet Services
APNOMS '08 Proceedings of the 11th Asia-Pacific Symposium on Network Operations and Management: Challenges for Next Generation Network Operations and Service Management
Alert correlation survey: framework and techniques
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Filtering False Positives Based on Server-Side Behaviors
IEICE - Transactions on Information and Systems
Choice and Chance: A Conceptual Model of Paths to Information Security Compromise
Information Systems Research
A logic-based model to support alert correlation in intrusion detection
Information Fusion
Processing intrusion detection alert aggregates with time series modeling
Information Fusion
Formal Technique for Discovering Complex Attacks in Computer Systems
Proceedings of the 2007 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the sixth SoMeT_07
Real-time alert correlation using stream data mining techniques
IAAI'08 Proceedings of the 20th national conference on Innovative applications of artificial intelligence - Volume 3
TRINETR: An architecture for collaborative intrusion detection and knowledge-based alert evaluation
Advanced Engineering Informatics
Proceedings of the 2009 International Conference on Hybrid Information Technology
Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts
Computer Communications
Improvement in intrusion detection with advances in sensor fusion
IEEE Transactions on Information Forensics and Security
Malware Behavioral Detection by Attribute-Automata Using Abstraction from Platform and Language
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Alarm clustering for intrusion detection systems in computer networks
Engineering Applications of Artificial Intelligence
Data mining and machine learning-Towards reducing false positives in intrusion detection
Information Security Tech. Report
Multilevel event correlation based on collaboration and temporal causal correlation
WiCOM'09 Proceedings of the 5th International Conference on Wireless communications, networking and mobile computing
Evaluating MAPSec by marking attack graphs
Wireless Networks
Filtering intrusion detection alarms
Cluster Computing
Analyzing intensive intrusion alerts via correlation
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
M2D2: a formal data model for IDS alert correlation
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Introducing reference flow control for detecting intrusion symptoms at the OS level
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Towards identifying true threat from network security data
PAISI'07 Proceedings of the 2007 Pacific Asia conference on Intelligence and security informatics
Mining attack correlation scenarios based on multi-agent system
Proceedings of the 2007 conference on Human interface: Part I
Application of the pagerank algorithm to alarm graphs
ICICS'07 Proceedings of the 9th international conference on Information and communications security
Algebra for capability based attack correlation
WISTP'08 Proceedings of the 2nd IFIP WG 11.2 international conference on Information security theory and practices: smart devices, convergence and next generation networks
Hybrid intrusion detection system for wireless sensor networks
ICCSA'07 Proceedings of the 2007 international conference on Computational science and Its applications - Volume Part II
An ontology-based intrusion alerts correlation system
Expert Systems with Applications: An International Journal
Proposing a multi-touch interface for intrusion detection environments
Proceedings of the Seventh International Symposium on Visualization for Cyber Security
State-based network intrusion detection systems for SCADA protocols: a proof of concept
CRITIS'09 Proceedings of the 4th international conference on Critical information infrastructures security
An online adaptive approach to alert correlation
DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
Community epidemic detection using time-correlated anomalies
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Network-wide deployment of intrusion detection and prevention systems
Proceedings of the 6th International COnference
A novel technique of recognising multi-stage attack behaviour
International Journal of High Performance Computing and Networking
A distributed and privacy-preserving method for network intrusion detection
OTM'10 Proceedings of the 2010 international conference on On the move to meaningful internet systems: Part II
IDS alert visualization and monitoring through heuristic host selection
ICICS'10 Proceedings of the 12th international conference on Information and communications security
Formal analysis of intrusion detection systems for high speed networks
ISPACT'10 Proceedings of the 9th WSEAS international conference on Advances in e-activities, information security and privacy
Trust Management and Admission Control for Host-Based Collaborative Intrusion Detection
Journal of Network and Systems Management
Boosting performance in attack intention recognition by integrating multiple techniques
Frontiers of Computer Science in China
A survey on IDS alerts processing techniques
ISP'07 Proceedings of the 6th WSEAS international conference on Information security and privacy
Computer Networks: The International Journal of Computer and Telecommunications Networking
Alert correlation in collaborative intelligent intrusion detection systems-A survey
Applied Soft Computing
Journal of Network and Systems Management
Prioritizing intrusion analysis using Dempster-Shafer theory
Proceedings of the 4th ACM workshop on Security and artificial intelligence
Detecting, validating and characterizing computer infections in the wild
Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference
Nexat: a history-based approach to predict attacker actions
Proceedings of the 27th Annual Computer Security Applications Conference
Interactive analysis of attack graphs using relational queries
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Requirements of information reductions for cooperating intrusion detection agents
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
Using contextual security policies for threat response
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
ICCS'05 Proceedings of the 5th international conference on Computational Science - Volume Part III
Integrating IDS alert correlation and OS-Level dependency tracking
ISI'06 Proceedings of the 4th IEEE international conference on Intelligence and Security Informatics
SVM based false alarm minimization scheme on intrusion prevention system
ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part V
Alarm clustering for intrusion detection systems in computer networks
MLDM'05 Proceedings of the 4th international conference on Machine Learning and Data Mining in Pattern Recognition
FLIPS: hybrid adaptive intrusion prevention
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Implementing consistency checking in correlating attacks
ICDCIT'04 Proceedings of the First international conference on Distributed Computing and Internet Technology
Asynchronous alert correlation in multi-agent intrusion detection systems
MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security
An efficient and unified approach to correlating, hypothesizing, and predicting intrusion alerts
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
An efficient forensic evidence collection scheme of host infringement at the occurrence time
ICISC'06 Proceedings of the 9th international conference on Information Security and Cryptology
ACARM-ng: next generation correlation framework
Building a National Distributed e-Infrastructure - PL-Grid
International Journal of Communication Systems
Analyzing multiple logs for forensic evidence
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Inference in possibilistic network classifiers under uncertain observations
Annals of Mathematics and Artificial Intelligence
Alert correlation using artificial immune recognition system
International Journal of Bio-Inspired Computation
E-NIPS: an event-based network intrusion prediction system
ISC'07 Proceedings of the 10th international conference on Information Security
Immunizing mobile ad hoc networks against collaborative attacks using cooperative immune model
Security and Communication Networks
Journal of Network and Systems Management
Approximate core allocation for large cooperative security games
ISRN Communications and Networking
Shedding light on log correlation in network forensics analysis
DIMVA'12 Proceedings of the 9th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Computer Networks: The International Journal of Computer and Telecommunications Networking
Human perspective to anomaly detection for cybersecurity
Journal of Intelligent Information Systems
Alert correlation: Severe attack prediction and controlling false alarm rate tradeoffs
Intelligent Data Analysis
| Hi-index | 0.00 |
This paper presents the work we have done within the MIRADOR project to design CRIM, a cooperative module for intrusion detection systems (IDS). This module implements functions to manage, cluster, merge and correlate alerts. The clustering and merging functions recognize alerts that correspond to the same occurrence of an attack and create a new alert that merge data contained in these various alerts. Experiments show that these functions significantly reduce the number of alerts. However, we also observe that alerts we obtain are still too elementary to be managed by a security administrator. The purpose of the correlation function is thus to generate global and synthetic alerts. This paper focuses on the approach we suggest to design this function.