From intrusion detection to attacker attribution: A comprehensive survey of unsupervised methods

A Nisioti, A Mylonas, PD Yoo… - … Surveys & Tutorials, 2018 - ieeexplore.ieee.org
Over the last five years there has been an increase in the frequency and diversity of network
attacks. This holds true, as more and more organizations admit compromises on a daily …

A systematic survey on multi-step attack detection

J Navarro, A Deruyver, P Parrend - Computers & Security, 2018 - Elsevier
Since the beginning of the Internet, cyberattacks have threatened users and organisations.
They have become more complex concurrently with computer networks. Nowadays …

Comprehensive approach to intrusion detection alert correlation

F Valeur, G Vigna, C Kruegel… - IEEE Transactions on …, 2004 - ieeexplore.ieee.org
Alert correlation is a process that analyzes the alerts produced by one or more intrusion
detection systems and provides a more succinct and high-level view of occurring or …

Attack plan recognition and prediction using causal networks

X Qin, W Lee - 20th Annual Computer Security Applications …, 2004 - ieeexplore.ieee.org
Correlating and analyzing security alerts is a critical and challenging task in security
management. Recently, some techniques have been proposed for security alert correlation …

A model-based survey of alert correlation techniques

S Salah, G Maciá-Fernández, JE Díaz-Verdejo - Computer Networks, 2013 - Elsevier
As telecommunication networks evolve rapidly in terms of scalability, complexity, and
heterogeneity, the efficiency of fault localization procedures and the accuracy in the …

Alert correlation in collaborative intelligent intrusion detection systems—A survey

HT Elshoush, IM Osman - Applied Soft Computing, 2011 - Elsevier
As complete prevention of computer attacks is not possible, intrusion detection systems
(IDSs) play a very important role in minimizing the damage caused by different computer …

On the design and use of internet sinks for network abuse monitoring

V Yegneswaran, P Barford, D Plonka - Recent Advances in Intrusion …, 2004 - Springer
Monitoring unused or dark IP addresses offers opportunities to significantly improve and
expand knowledge of abuse activity without many of the problems associated with typical …

Intrusion detection for mobile devices using the knowledge-based, temporal abstraction method

A Shabtai, U Kanonov, Y Elovici - Journal of Systems and Software, 2010 - Elsevier
In this paper, a new approach for detecting previously unencountered malware targeting
mobile device is proposed. In the proposed approach, time-stamped security data is …

Building Attack Scenarios through Integration of Complementary Alert Correlation Method.

P Ning, D Xu, CG Healey, RS Amant - NDSS, 2004 - academia.edu
Several alert correlation methods were proposed in the past several years to construct
high-level attack scenarios from low-level intrusion alerts reported by intrusion detection systems …

Alert correlation survey: framework and techniques

R Sadoddin, A Ghorbani - … of the 2006 international conference on …, 2006 - dl.acm.org
Managing raw alerts generated by various sensors are becoming of more significance to
intrusion detection systems as more sensors with different capabilities are distributed …