Symbolic model checking: 1020 states and beyond
Information and Computation - Special issue: Selections from 1990 IEEE symposium on logic in computer science
A graph-based system for network-vulnerability analysis
Proceedings of the 1998 workshop on New security paradigms
Data mining: concepts and techniques
Data mining: concepts and techniques
The base-rate fallacy and the difficulty of intrusion detection
ACM Transactions on Information and System Security (TISSEC)
A requires/provides model for computer attacks
Proceedings of the 2000 workshop on New security paradigms
Scalable, graph-based network vulnerability analysis
Proceedings of the 9th ACM conference on Computer and communications security
Constructing attack scenarios through correlation of intrusion alerts
Proceedings of the 9th ACM conference on Computer and communications security
STATL: an attack language for state-based intrusion detection
Journal of Computer Security
Practical automated detection of stealthy portscans
Journal of Computer Security
Model-based analysis of configuration vulnerabilities
Journal of Computer Security
Probabilistic Alert Correlation
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Aggregation and Correlation of Intrusion-Detection Alerts
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Mining intrusion detection alarms for actionable knowledge
Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
Two Formal Analys s of Attack Graphs
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Automated Generation and Analysis of Attack Graphs
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Alert Correlation in a Cooperative Intrusion Detection Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Managing Alerts in a Multi-Intrusion Detection Environment
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Mining Alarm Clusters to Improve Alarm Handling Efficiency
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Learning attack strategies from intrusion alerts
Proceedings of the 10th ACM conference on Computer and communications security
Clustering intrusion detection alarms to support root cause analysis
ACM Transactions on Information and System Security (TISSEC)
Analyzing intensive intrusion alerts via correlation
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
A mission-impact-based approach to INFOSEC alarm correlation
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
M2D2: a formal data model for IDS alert correlation
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Rule generalisation in intrusion detection systems using SNORT
International Journal of Electronic Security and Digital Forensics
A Graph Based Approach Toward Network Forensics Analysis
ACM Transactions on Information and System Security (TISSEC)
Understanding the Value of Countermeasure Portfolios in Information Systems Security
Journal of Management Information Systems
Real-Time Alert Correlation with Type Graphs
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
WiCOM'09 Proceedings of the 5th International Conference on Wireless communications, networking and mobile computing
An ontology-based intrusion alerts correlation system
Expert Systems with Applications: An International Journal
Proposing a multi-touch interface for intrusion detection environments
Proceedings of the Seventh International Symposium on Visualization for Cyber Security
Attack scenario recognition through heterogeneous event stream analysis
MILCOM'09 Proceedings of the 28th IEEE conference on Military communications
NPSEC'05 Proceedings of the First international conference on Secure network protocols
Alert correlation in collaborative intelligent intrusion detection systems-A survey
Applied Soft Computing
Integrating innate and adaptive immunity for intrusion detection
ICARIS'06 Proceedings of the 5th international conference on Artificial Immune Systems
International Journal of Information Security and Privacy
| Hi-index | 0.00 |
Several alert correlation methods have been proposed over the past several years to construct high-level attack scenarios from low-level intrusion alerts reported by intrusion detection systems (IDSs). However, all of these methods depend heavily on the underlying IDSs, and cannot deal with attacks missed by IDSs. In order to improve the performance of intrusion alert correlation and reduce the impact of missed attacks, this paper presents a series of techniques to hypothesize and reason about attacks possibly missed by the IDSs. In addition, this paper also discusses techniques to infer attribute values for hypothesized attacks, to validate hypothesized attacks through raw audit data, and to consolidate hypothesized attacks to generate concise attack scenarios. The experimental results in this paper demonstrate the potential of these techniques in building high-level attack scenarios.