Alert correlation
1 Follower
Recent papers in Alert correlation
With the increasingly widespread deployment of security mechanisms, such as firewalls, intrusion detection systems (IDSs), antivirus software and authentication services, the problem of alert analysis has become very important. The large... more
ABSTRACT Digital control systems are essential to the safe and efficient operation of a variety of industrial processes in sectors such as electric power, oil and gas, water treatment, and manufacturing. Modern control systems are... more
ABSTRACT Traditional intrusion detection systems (IDSs) focus on low-level attacks or anomalies, and raise alerts independently, though there may be logical connections between them. In situations where there are intensive intrusions, not... more
Summary With the growing deployment of networks and the Internet, the importance of network security has increased. Recently, however, systems that detect intrusions, which are important in security countermeasures, have been unable to... more
Managing and analyzing a huge number of low-level alerts is very difficult and exhausting for network administrators. Alert correlation methods have been proposed to decrease the number of alerts and make them more intelligible. Proposed... more
The number of crime committed based on the malware intrusion is never ending as the number of malware variants is growing tremendously and the usage of internet is expanding globally. Malicious codes easily obtained and use as one of... more
By virtue of these different ap-proaches, each correlator is capable of reasoning about a distinct portion of the overall attack space. Notionally, correlators can cover, possibly overlapping, portions of an attack space. Collectively... more
The number of malware variants is growing tremendously and the study of malware attacks on the Internet is still a demanding research domain. In this research, various logs from different OSI layer are explore to identify the traces leave... more
The traditional worms such as Blaster, Code Red, Slammer and Sasser, are still infecting vulnerable machines on the internet. They will remain as significant threats due to their fast spreading nature on the internet. Various traditional... more
We present in this paper a decentralized architecture to correlate alerts between cooperative nodes in a secure multicast infrastructure. The purpose of this architecture is to detect and prevent the use of network resources to perform... more
In this paper we analyze the use of different types of statistical tests for the correlation of anomaly detection alerts. We show that the Granger Causality Test, one of the few proposals that can be extended to the anomaly detection... more
Abstract: Network intrusion detection sensors are usually built around low level models of network traffic. This means that their output is of a similarly low level and as a consequence, is difficult to analyze. Intrusion alert... more
Signature-based network intrusion-detection systems (NIDSs) often report a massive number of simple alerts of low-level security-related events. Many of these alerts are logically involved in a single multi-stage intrusion incident and a... more
Juan Manuel Madrid, Luis Eduardo Múnera, Carlos Andrey Montoya, Juan David Osorio, Luis Ernesto Cárdenas ICT Department Universidad Icesi Cali, Colombia ... Rodrigo Bedoya Cristian Latorre Sistemas TGR, SA Cali, Colombia ...... more
One of the most important challenges facing the intrusion detection systems (IDSs) is the huge number of generated alerts. A system administrator will be overwhelmed by these alerts in such a way that she/he cannot manage and use the... more
To defend against multi-step intrusions in high-speed networks, efficient algorithms are needed to correlate isolated alerts into attack scenarios. Existing correlation methods usually employ an in-memory index for fast searches among... more
Protecting and assuring confidential information on the internet is a crucial need. Many organizations have installed multiple security sensors for complete monitoring and detection (for example the deployment of network-based Intrusion... more
Worm detection systems have traditionally used global strategies and focused on scan rates. The noise associated with this approach requires statistical techniques and large data sets (e.g., 220 monitored machines) to yield timely alerts... more
Traditional intrusion detection systems (IDSs) focus on low-level attacks or anomalies, and raise alerts independently, though there may be logical connections between them. In situations where there are intensive intrusions, not only... more
Page 1. International Journal of Network Security, Vol.5, No.1, PP.6672, July 2007 66 A Rule-Based Temporal Alert Correlation System Peyman Kabiri1 and Ali A. Ghorbani2 (Corresponding author: Peyman Kabiri) Department ...