Hacking Exposed: Network Security Secrets and Solutions,Third Edition
Hacking Exposed: Network Security Secrets and Solutions,Third Edition
Scalable, graph-based network vulnerability analysis
Proceedings of the 9th ACM conference on Computer and communications security
Two Formal Analys s of Attack Graphs
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Validation of Sensor Alert Correlators
IEEE Security and Privacy
VisFlowConnect: netflow visualizations of link relationships for security situational awareness
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Scalable visualization of propagating internet phenomena
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Correlating Intrusion Events and Building Attack Scenarios Through Attack Graph Distances
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
An Alert Fusion Framework for Situation Awareness of Coordinated Multistage Attacks
IWIA '05 Proceedings of the Third IEEE International Workshop on Information Assurance
Visualizing Cyber Attacks using IP Matrix
VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
Multiple Coordinated Views for Network Attack Graphs
VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
Designing Visualization Capabilities for IDS Challenges
VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
Preserving the Big Picture: Visual Network Traffic Analysis with TN
VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
Topological analysis of network attack vulnerability
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Intrusion and misuse detection in large-scale systems
IEEE Computer Graphics and Applications
Visualization based policy analysis: case study in SELinux
Proceedings of the 13th ACM symposium on Access control models and technologies
Optimal IDS Sensor Placement and Alert Prioritization Using Attack Graphs
Journal of Network and Systems Management
Alerts visualization and clustering in network-based intrusion detection
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Multistage attack detection system for network administrators using data mining
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Attack scenario recognition through heterogeneous event stream analysis
MILCOM'09 Proceedings of the 28th IEEE conference on Military communications
Attacker behavior analysis in multi-stage attack detection system
Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research
| Hi-index | 0.00 |
In this paper, we present a method of handling the visualization of hetereogeneous event traffic that is generated by intrusion detection sensors, log files and other event sources on a computer network from the point of view of detecting multistage attack paths that are of importance. We perform aggregation and correlation of these events based on their semantic content to generate Attack Tracks that are displayed to the analyst in real-time. Our tool, called the Event Correlation for Cyber-Attack Recognition System (EC-CARS) enables the analyst to distinguish and separate an evolving multistage attack from the thousands of events generated on a network. We focus here on presenting the environment and framework for multistage attack detection using ECCARS along with screenshots that demonstrate its capabilities.