Alert correlation in a cooperative intrusion detection framework

Authors: F. Cuppens, A. Miege

DOI: 10.1109/SECPRI.2002.1004372

Keywords:

Abstract: This paper presents the work we have done within the MIRADOR project to design CRIM, a cooperative module for intrusion detection systems (IDS). This module implements functions to manage, cluster, merge and correlate alerts. The clustering and merging functions recognize alerts that correspond to the same occurrence of an attack and create a new alert that merges the data contained in these various alerts. Experiments show that these functions significantly reduce the number of alerts. However, we also observe that the alerts we obtain are still too elementary to be managed by a security administrator. The purpose of the correlation function is thus to generate global and synthetic alerts. This paper focuses on the approach we suggest to design this function.

References (10)
Salvatore J. Stolfo, Wenke Lee. Combining Knowledge Discovery and Knowledge Engineering to Build IDSs. Recent Advances in Intrusion Detection (1999).
Hervé Debar, Andreas Wespi. Aggregation and Correlation of Intrusion-Detection Alerts. Recent Advances in Intrusion Detection, pp. 85-103 (2001). DOI: 10.1007/3-540-45474-8_6
Jiahai Yang, Peng Ning, X. Sean Wang, Sushil Jajodia. CARDS: A Distributed System for Detecting Coordinated Attacks. Information Security, pp. 171-180 (2000). DOI: 10.1007/978-0-387-35515-3_18
F. Cuppens. Managing Alerts in a Multi-Intrusion Detection Environment. Annual Computer Security Applications Conference, pp. 22-31 (2001). DOI: 10.1109/ACSAC.2001.991518
Frédéric Cuppens, Rodolphe Ortalo. LAMBDA: A Language to Model a Database for Detection of Attacks. Recent Advances in Intrusion Detection, pp. 197-216 (2000). DOI: 10.1007/3-540-39945-3_13
Martin Roesch. Snort - Lightweight Intrusion Detection for Networks. USENIX Large Installation Systems Administration Conference, pp. 229-238 (1999).
Cédric Michel, Ludovic Mé. ADeLe: An Attack Description Language for Knowledge-Based Intrusion Detection. Information Security, pp. 353-368 (2001). DOI: 10.1007/0-306-46998-7_25
Ming-Yuh Huang, Robert J. Jasper, Thomas M. Wicks. A Large Scale Distributed Intrusion Detection Framework Based on Attack Strategy Analysis. Computer Networks, vol. 31, pp. 2465-2475 (1999). DOI: 10.1016/S1389-1286(99)00114-0
Alfonso Valdes, Keith Skinner. Probabilistic Alert Correlation. Recent Advances in Intrusion Detection, pp. 54-68 (2001). DOI: 10.1007/3-540-45474-8_4
Kristopher Kendall. A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems. Massachusetts Institute of Technology (1999).