VisFlowConnect: netflow visualizations of link relationships for security situational awareness
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
IDGraphs: Intrusion Detection and Analysis Using Stream Compositing
IEEE Computer Graphics and Applications
BotHunter: detecting malware infection through IDS-driven dialog correlation
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
A Multi-Sensor Model to Improve Automated Attack Detection
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
A Semi-Autonomic Framework for Intrusion Tolerance in Heterogeneous Networks
IWSOS '08 Proceedings of the 3rd International Workshop on Self-Organizing Systems
Understanding customer problem troubleshooting from storage system logs
FAST '09 Proccedings of the 7th conference on File and storage technologies
A symptom-based taxonomy for an early detection of network attacks
PAISI'07 Proceedings of the 2007 Pacific Asia conference on Intelligence and security informatics
High-speed intrusion detection in support of critical infrastructure protection
CRITIS'06 Proceedings of the First international conference on Critical Information Infrastructures Security
System log summarization via semi-Markov models of inter-arrival times
Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research
| Hi-index | 0.00 |
Intrusion detection is an important part of networked-systems security protection. Although commercial productsexist, finding intrusions has proven to be a difficult task withlimitations under current techniques. Therefore, improvedtechniques are needed. We argue the need for correlatingdata among different logs to improve intrusion detectionsystems accuracy. We show how different attacks are reflected in different logs and argue that some attacks are notevident when a single log is analyzed. We present experimental results using anomaly detection for the virus Yaha.Through the use of data mining tools (RIPPER) and correlation among logs we improve the effectiveness of an intrusion detection system while reducing false positives.