IDS Interoperability and Correlation Using IDMEF and Commodity Systems
ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
Alert aggregation in mobile ad hoc networks
WiSe '03 Proceedings of the 2nd ACM workshop on Wireless security
Learning attack strategies from intrusion alerts
Proceedings of the 10th ACM conference on Computer and communications security
Clustering intrusion detection alarms to support root cause analysis
ACM Transactions on Information and System Security (TISSEC)
Techniques and tools for analyzing intrusion alerts
ACM Transactions on Information and System Security (TISSEC)
Coordinated internet attacks: responding to attack complexity
Journal of Computer Security
Hypothesizing and reasoning about attacks missed by intrusion detection systems
ACM Transactions on Information and System Security (TISSEC)
System approach to intrusion detection using hidden Markov model
Proceedings of the 2006 international conference on Wireless communications and mobile computing
Improving the quality of alerts and predicting intruder's next goal with Hidden Colored Petri-Net
Computer Networks: The International Journal of Computer and Telecommunications Networking
Forensic analysis of logs: Modeling and verification
Knowledge-Based Systems
Information Assurance: Dependability and Security in Networked Systems
Information Assurance: Dependability and Security in Networked Systems
Classification of intrusion detection alerts using abstaining classifiers
Intelligent Data Analysis
A vulnerability-driven approach to active alert verification
ICCOM'05 Proceedings of the 9th WSEAS International Conference on Communications
Two alternatives for handling preferences in qualitative choice logic
Fuzzy Sets and Systems
A Graph Based Approach Toward Network Forensics Analysis
ACM Transactions on Information and System Security (TISSEC)
Discovering Novel Multistage Attack Strategies
ADMA '07 Proceedings of the 3rd international conference on Advanced Data Mining and Applications
Finding Corrupted Computers Using Imperfect Intrusion Prevention System Event Data
SAFECOMP '08 Proceedings of the 27th international conference on Computer Safety, Reliability, and Security
Case-oriented alert correlation
WSEAS Transactions on Computers
Alert correlation survey: framework and techniques
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
A logic-based model to support alert correlation in intrusion detection
Information Fusion
A Formal Approach for the Forensic Analysis of Logs
Proceedings of the 2006 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the fifth SoMeT_06
TRINETR: An architecture for collaborative intrusion detection and knowledge-based alert evaluation
Advanced Engineering Informatics
Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts
Computer Communications
A dynamic fusion approach for security situation assessment
CNIS '07 Proceedings of the Fourth IASTED International Conference on Communication, Network and Information Security
Alarm clustering for intrusion detection systems in computer networks
Engineering Applications of Artificial Intelligence
Data mining and machine learning-Towards reducing false positives in intrusion detection
Information Security Tech. Report
A mission-impact-based approach to INFOSEC alarm correlation
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
M2D2: a formal data model for IDS alert correlation
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Introducing reference flow control for detecting intrusion symptoms at the OS level
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Towards identifying true threat from network security data
PAISI'07 Proceedings of the 2007 Pacific Asia conference on Intelligence and security informatics
Mining attack correlation scenarios based on multi-agent system
Proceedings of the 2007 conference on Human interface: Part I
An ontology-based intrusion alerts correlation system
Expert Systems with Applications: An International Journal
Attack scenario recognition through heterogeneous event stream analysis
MILCOM'09 Proceedings of the 28th IEEE conference on Military communications
NPSEC'05 Proceedings of the First international conference on Secure network protocols
A distributed and privacy-preserving method for network intrusion detection
OTM'10 Proceedings of the 2010 international conference on On the move to meaningful internet systems: Part II
A survey on IDS alerts processing techniques
ISP'07 Proceedings of the 6th WSEAS international conference on Information security and privacy
Alert correlation in collaborative intelligent intrusion detection systems-A survey
Applied Soft Computing
Requirements of information reductions for cooperating intrusion detection agents
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
A new data fusion model of intrusion Detection-IDSFP
ISPA'05 Proceedings of the Third international conference on Parallel and Distributed Processing and Applications
D-S evidence theory and its data fusion application in intrusion detection
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
Integrating IDS alert correlation and OS-Level dependency tracking
ISI'06 Proceedings of the 4th IEEE international conference on Intelligence and Security Informatics
Alarm clustering for intrusion detection systems in computer networks
MLDM'05 Proceedings of the 4th international conference on Machine Learning and Data Mining in Pattern Recognition
Conceptual analysis of intrusion alarms
ICIAP'05 Proceedings of the 13th international conference on Image Analysis and Processing
An efficient and unified approach to correlating, hypothesizing, and predicting intrusion alerts
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Advanced reaction using risk assessment in intrusion detection systems
CRITIS'07 Proceedings of the Second international conference on Critical Information Infrastructures Security
An alert correlation platform for memory-supported techniques
Concurrency and Computation: Practice & Experience
Analyzing multiple logs for forensic evidence
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Limitation of honeypot/honeynet databases to enhance alert correlation
MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
Mobile Agent Based Network Defense System in Enterprise Network
International Journal of Handheld Computing Research
A model-based survey of alert correlation techniques
Computer Networks: The International Journal of Computer and Telecommunications Networking
There are several approaches to intrusion detection, but none of them is fully satisfactory. They generally generate too many false positives, and the alerts are too elementary and not accurate enough to be managed directly by a security administrator. A promising approach is to develop a cooperation module that analyzes alerts and generates more global and synthetic alerts. This paper presents the work we did in this context within the MIRADOR project. We suggest specifications for three functions: alert base management, alert clustering and alert merging. The approach is compliant with the IDMEF format currently being defined at the IETF.