Alserhani, 2013 - Google Patents
A framework for multi-stage attack detection (Alserhani, 2013)
- Document ID: 17465367909530727303
- Author: Alserhani F
- Publication year: 2013
- Publication venue: 2013 Saudi International Electronics, Communications and Photonics Conference
Snippet
Network Intrusion Detection Systems (NIDS) are considered essential mechanisms for ensuring reliable security. In an intrusion detection context, neither of the main detection approaches (signature-based and anomaly-based) is fully satisfactory. False positives …
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L41/00—Arrangements for maintenance or administration or management of packet switching networks
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
          - H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
            - H04L63/1416—Event detection, e.g. attack signature detection
            - H04L63/1425—Traffic logging, e.g. anomaly detection
          - H04L63/1433—Vulnerability analysis
- G—PHYSICS
  - G06—COMPUTING; CALCULATING; COUNTING
    - G06F—ELECTRICAL DIGITAL DATA PROCESSING
      - G06F11/00—Error detection; Error correction; Monitoring
        - G06F11/07—Error detection; Error correction; Monitoring responding to the occurrence of a fault, e.g. fault tolerance
      - G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
        - G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/55—Detecting local intrusion or implementing counter-measures
            - G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
          - G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
            - G06F21/577—Assessing vulnerabilities and evaluating computer system security
      - G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    - G06K—RECOGNITION OF DATA; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
      - G06K9/00—Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints
    - G06N—COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
      - G06N5/00—Computer systems utilising knowledge based models
        - G06N5/02—Knowledge representation
          - G06N5/022—Knowledge engineering, knowledge acquisition
      - G06N99/00—Subject matter not provided for in other groups of this subclass
    - G06Q—DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
      - G06Q10/00—Administration; Management
Similar Documents
Publication | Title
---|---
US20240121263A1 (en) | Autonomous report composer
US20230011004A1 (en) | Cyber security sandbox environment
US12069073B2 (en) | Cyber threat defense system and method
US11522882B2 (en) | Detection of adversary lateral movement in multi-domain IIOT environments
Gupta et al. | Layered approach using conditional random fields for intrusion detection
US20220360597A1 (en) | Cyber security system utilizing interactions between detected and hypothesize cyber-incidents
Alserhani et al. | MARS: multi-stage attack recognition system
US11449604B2 (en) | Computer security
US20230135660A1 (en) | Educational Tool for Business and Enterprise Risk Management
Ahmad et al. | Role of machine learning and data mining in internet security: standing state with future directions
Alserhani | Alert correlation and aggregation techniques for reduction of security alerts and detection of multistage attack
US11477225B2 (en) | Pre-emptive computer security
Njogu et al. | A comprehensive vulnerability based alert management approach for large networks
Angelini et al. | An attack graph-based on-line multi-step attack detector
Alserhani | A framework for multi-stage attack detection
Wang et al. | An end-to-end method for advanced persistent threats reconstruction in large-scale networks based on alert and log correlation
Dwivedi et al. | Event correlation for intrusion detection systems
Alserhani et al. | Event-based alert correlation system to detect SQLI activities
WO2023283356A1 (en) | Cyber security system utilizing interactions between detected and hypothesize cyber-incidents
Zhuang et al. | Applying data fusion in collaborative alerts correlation
Amiri et al. | A complete operational architecture of alert correlation
Soh | Advanced persistent threat detection using anomaly score calibration and multi-class classification
Jiménez et al. | A Filtering Model for Evidence Gathering in an SDN-Oriented Digital Forensic and Incident Response Context
CN118869373B (en) | Network attack early warning and tracing method, system and device based on logic knowledge graph
Alserhani et al. | Detection of coordinated attacks using alert correlation model