Search results for: alert correlation

Number of results: 403255

Journal: CoRR 2010
Y. Robiah, S. Siti Rahayu, S. Shahrin, M. A. Faizal, M. Mohd Zaki, R. Marliza

The traditional worms such as Blaster, Code Red, Slammer and Sasser are still infecting vulnerable machines on the internet. They will remain significant threats due to their fast-spreading nature on the internet. Various traditional worm attack patterns have been analyzed from various logs at different OSI layers such as victim logs, attacker logs and IDS alert logs. These worms attack patte...

Journal: Computers & Security 2010
Chenfeng Vincent Zhou, Christopher Leckie, Shanika Karunasekera

Coordinated attacks, such as large-scale stealthy scans, worm outbreaks and distributed denial-of-service (DDoS) attacks, occur in multiple networks simultaneously. Such attacks are extremely difficult to detect using isolated intrusion detection systems (IDSs) that monitor only a limited portion of the Internet. In this paper, we summarize the current research directions in detecting such atta...

2008
Reuben Smith, Nathalie Japkowicz, Maxwell G. Dondo, Peter Mason

Alert correlation systems are post-processing modules that enable intrusion analysts to find important alerts and filter false positives efficiently from the output of Intrusion Detection Systems. Typically, however, these modules require high levels of human involvement in creating the system and/or maintaining it, as patterns of attacks change as often as from month to month. We present an al...

Journal: CoRR 2010
S. Siti Rahayu, Y. Robiah, S. Shahrin, M. Mohd Zaki, R. Irda, M. A. Faizal

The number of malware variants is growing tremendously and the study of malware attacks on the Internet is still a demanding research domain. In this research, various logs from different OSI layers are explored to identify the traces left on the attacker and victim logs, and the attack worm trace patterns are established in order to reveal the true attacker or victim. For the purpose of this paper, it...

2013
Seyed Ali Mirheidari, Sajjad Arshad, Rasool Jalili

Alert correlation is a system which receives alerts from heterogeneous Intrusion Detection Systems and reduces false alerts, detects high-level patterns of attacks, increases the meaning of incidents that have occurred, predicts the future states of attacks, and detects the root cause of attacks. To reach these goals, many algorithms have been introduced in the world with many advantages and disadvantages. I...

2015
Benjamin David Uphoff, Thomas Daniels, Shashi Gadia, Ying Cai, Samik Basu

correlation between the clustered alerts' network activity profiles. Using this technique, alerts from multiple IDS, IPS and ADS sensors can be correlated without the need of normalization, the use of an alert ontology or expert rules. Additionally, our approach does not temporally constrain the correlation process, allowing for long-term trend analysis and knowledge discovery. Although our cur...

2002
Peng Ning, Dingbang Xu

Intrusion alert correlation is the process to identify high-level attack scenarios by reasoning about low-level alerts raised by intrusion detection systems (IDS). The efficiency of intrusion alert correlation is critical in enabling interactive analysis of intrusion alerts as well as prompt responses to attacks. This paper presents an experimental study aimed at adapting main memory index stru...
