نتایج جستجو برای: Alert Correlation
تعداد نتایج: 403255 فیلتر نتایج به سال:
Network Payload-based Anomaly Detection and Content-based Alert Correlation
In this paper we analyze the use of different types of statistical tests for the correlation of anomaly detection alerts. We show that the Granger Causality Test, one of the few proposals that can be extended to the anomaly detection domain, strongly depends on good choices of a parameter which proves to be both sensitive and difficult to estimate. We propose a different approach based on a set...
Real-Time Intrusion Detection Alert Correlation
The number of crime committed based on the malware intrusion is never ending as the number of malware variants is growing tremendously and the usage of internet is expanding globally. Malicious codes easily obtained and use as one of weapon to gain their objective illegally. Hence, in this research, diverse logs from different OSI layer are explored to identify the traces left on the attacker a...
To my dear family: Thank you for all of your love, support and encouragements. iii ACKNOWLEDGEMENTS I would like to express my sincere and deep gratitude to my advisor, Dr. Wenke Lee, for his great support, guidance, patience and encouragement during the past several years. Wenke has not only guided and helped me on my research work, but also taught me important values of life. He can always di...
Organizations security becomes increasingly more difficult to obtain due to the fact that information technology and networking resources are dispersed across organizations. Network intrusion attacks are more and more difficult to detect even if the most sophisticated security tools are used. To address this problem, researchers and vendors have proposed alert correlation, an analysis process t...
Most of the existing intrusion detection systems (IDS) often generate large numbers of alerts which contain numerous false positives and non relevant positives. Alert correlation techniques aim to aggregate and combine the outputs of single/multiple IDS to provide a concise and broad view of the security state of network. Capability based alert correlator uses notion of capability to correlate ...
We propose a novel framework named Hidden Colored PetriNet for Alert Correlation and Understanding (HCPN-ACU) in intrusion detection system. This model is based upon the premise that intrusion detection may be viewed as an inference problem – in other words, we seek to show that system misusers are carrying out a sequence of steps to violate system security policies in some way, with earlier st...
Intrusion detection systems (IDS) suffer from a lack of scalability. Alert correlation has been introduced to address this challenge and is generally considered to be the major part of the solution. One of the steps in the correlation process is the verification of alerts. We have identified the relationships and interactions between correlation and verification. An overview of verification tes...
This paper presents the work we have done within the MIRADOR project to design CRIM, a cooperative module for intrusion detection systems (IDS). This module implements functions to manage, cluster, merge and correlate alerts. The clustering and merging functions recognize alerts that correspond to the same occurrence of an attack and create a new alert that merge data contained in these various...
نمودار تعداد نتایج جستجو در هر سال
با کلیک روی نمودار نتایج را به سال انتشار فیلتر کنید