Correlation between NetFlow System and Network Views for Intrusion Detection

Authors: William Yurcik, Kiran Lakkaraju, Cristina Abad, Yifan Li, Xiaoxin Yin

Abstract: We present several ways to correlate security events from two applications that visualize the same underlying NetFlow data with distinct views: a system view and a network view. Correlating the two views gives security engineers a better understanding of what is happening, for enhanced situational awareness. Visualization leverages human cognitive abilities and promotes quick mental connections between events that may otherwise be obscured in the volume of IDS alert messages.
