ACARM-ng: next generation correlation framework

Authors: Bartłomiej Balcerek, Bartosz Szurgot, Mariusz Uchroński, Wojciech Waga

DOI: 10.1007/978-3-642-28267-6_9

Abstract: ACARM-ng is an extensible, plug-in-based alert correlation framework. It introduces abstractions over correlation, reporting, reaction, gathering data from multiple sources, and storage. It supports real-time operation, meaning that alerts can be reported while they are still being correlated. For the administrator, a Web User Interface is provided to present the gathered and correlated data in a consistent way. The system makes use of multi-core architectures and is written in C++.
