Search results for: Alert Correlation

Number of results: 403255

2006
Ke Wang

Network Payload-based Anomaly Detection and Content-based Alert Correlation

2007
Federico Maggi Stefano Zanero

In this paper we analyze the use of different types of statistical tests for the correlation of anomaly detection alerts. We show that the Granger Causality Test, one of the few proposals that can be extended to the anomaly detection domain, strongly depends on good choices of a parameter which proves to be both sensitive and difficult to estimate. We propose a different approach based on a set...

2006
Fredrik Valeur Richard Wolski Giovanni Vigna Richard A. Kemmerer

Real-Time Intrusion Detection Alert Correlation

Journal: CoRR 2010
S. Siti Rahayu Y. Robiah S. Shahrin M. Mohd Zaki M. A. Faizal Z. A. Zaheera

The number of crimes committed through malware intrusion is never-ending, as the number of malware variants is growing tremendously and the usage of the internet is expanding globally. Malicious code is easily obtained and used as a weapon to gain their objectives illegally. Hence, in this research, diverse logs from different OSI layers are explored to identify the traces left on the attacker a...

2005
Xinzhou Qin

To my dear family: Thank you for all of your love, support and encouragements. iii ACKNOWLEDGEMENTS I would like to express my sincere and deep gratitude to my advisor, Dr. Wenke Lee, for his great support, guidance, patience and encouragement during the past several years. Wenke has not only guided and helped me on my research work, but also taught me important values of life. He can always di...

2010
Fatiha Benali Nadia Bennani Gabriele Gianini Stelvio Cimato

Organizational security becomes increasingly difficult to obtain due to the fact that information technology and networking resources are dispersed across organizations. Network intrusion attacks are more and more difficult to detect even if the most sophisticated security tools are used. To address this problem, researchers and vendors have proposed alert correlation, an analysis process t...

2008
Navneet Kumar Pandey S. K. Gupta Shaveta Leekha

Most of the existing intrusion detection systems (IDS) often generate large numbers of alerts which contain numerous false positives and non-relevant positives. Alert correlation techniques aim to aggregate and combine the outputs of single/multiple IDS to provide a concise and broad view of the security state of the network. The capability-based alert correlator uses the notion of capability to correlate ...

2004
Dong Yu Deborah A. Frincke

We propose a novel framework named Hidden Colored PetriNet for Alert Correlation and Understanding (HCPN-ACU) in intrusion detection system. This model is based upon the premise that intrusion detection may be viewed as an inference problem – in other words, we seek to show that system misusers are carrying out a sequence of steps to violate system security policies in some way, with earlier st...

2006
Thomas Heyman Bart De Win Christophe Huygens Wouter Joosen

Intrusion detection systems (IDS) suffer from a lack of scalability. Alert correlation has been introduced to address this challenge and is generally considered to be the major part of the solution. One of the steps in the correlation process is the verification of alerts. We have identified the relationships and interactions between correlation and verification. An overview of verification tes...

2002
Frédéric Cuppens Alexandre Miège

This paper presents the work we have done within the MIRADOR project to design CRIM, a cooperative module for intrusion detection systems (IDS). This module implements functions to manage, cluster, merge and correlate alerts. The clustering and merging functions recognize alerts that correspond to the same occurrence of an attack and create a new alert that merges the data contained in these various...

Chart: number of search results per year
