Alert correlation: Severe attack prediction and controlling false alarm rate tradeoffs
Similar resources
Detecting outliers in multivariate data while controlling false alarm rate
Outlier identification often implies inspecting each z-transformed variable and adding a Mahalanobis D². Multiple outliers may mask each other by increasing variance estimates. Caroni & Prescott (1992) proposed a multivariate extension of Rosner’s (1983) technique to circumvent masking, taking sample size into account to keep the false alarm risk below, say, α = .05. Simulation studies here co...
Alert correlation and prediction using data mining and HMM
Intrusion Detection Systems (IDSs) are security tools widely used in computer networks. While they seem to be promising technologies, they pose some serious drawbacks: When utilized in large and high traffic networks, IDSs generate high volumes of low-level alerts which are hardly manageable. Accordingly, there emerged a recent track of security research, focused on alert correlation, which ext...
Real-Time intrusion detection alert correlation and attack scenario extraction based on the prerequisite consequence approach
Alert correlation systems attempt to discover the relations among alerts produced by one or more intrusion detection systems to determine the attack scenarios and their main motivations. In this paper a new IDS alert correlation method is proposed that can be used to detect attack scenarios in real-time. The proposed method is based on a causal approach due to the strength of causal methods in ...
Alert Correlation for Extracting Attack Strategies
Alert correlation is an important technique for managing the large volume of intrusion alerts that are raised by heterogeneous Intrusion Detection Systems (IDSs). The recent trend of research in this area is towards extracting attack strategies from raw intrusion alerts. It is generally believed that pure intrusion detection no longer can satisfy the security needs of organizations. Intrusion re...
Controlling False Alarm/Discovery Rates in Online Internet Traffic Classification
Classifying Internet traffic flows online into applications or broader classes without inspecting the packet payloads or without relying on port numbers has become a necessity for network operators. The operators can use this information to monitor their networks and provide per-class quality of service. There has been a great deal of research done on Internet traffic classification recently an...
Journal
Journal title: Intelligent Data Analysis
Year: 2011
ISSN: 1571-4128,1088-467X
DOI: 10.3233/ida-2011-0504