From intrusion detection to attacker attribution: A comprehensive survey of unsupervised methods
Over the last five years there has been an increase in the frequency and diversity of network
attacks. This holds true, as more and more organizations admit compromises on a daily …
A systematic survey on multi-step attack detection
Since the beginning of the Internet, cyberattacks have threatened users and organisations.
They have become more complex concurrently with computer networks. Nowadays …
Comprehensive approach to intrusion detection alert correlation
Alert correlation is a process that analyzes the alerts produced by one or more intrusion
detection systems and provides a more succinct and high-level view of occurring or …
Attack plan recognition and prediction using causal networks
X Qin, W Lee - 20th Annual Computer Security Applications …, 2004 - ieeexplore.ieee.org
Correlating and analyzing security alerts is a critical and challenging task in security
management. Recently, some techniques have been proposed for security alert correlation …
A model-based survey of alert correlation techniques
As telecommunication networks evolve rapidly in terms of scalability, complexity, and
heterogeneity, the efficiency of fault localization procedures and the accuracy in the …
Alert correlation in collaborative intelligent intrusion detection systems—A survey
HT Elshoush, IM Osman - Applied Soft Computing, 2011 - Elsevier
As complete prevention of computer attacks is not possible, intrusion detection systems
(IDSs) play a very important role in minimizing the damage caused by different computer …
On the design and use of internet sinks for network abuse monitoring
Monitoring unused or dark IP addresses offers opportunities to significantly improve and
expand knowledge of abuse activity without many of the problems associated with typical …
Intrusion detection for mobile devices using the knowledge-based, temporal abstraction method
In this paper, a new approach for detecting previously unencountered malware targeting
mobile device is proposed. In the proposed approach, time-stamped security data is …
Building Attack Scenarios through Integration of Complementary Alert Correlation Method.
Several alert correlation methods were proposed in the past several years to construct high-
level attack scenarios from low-level intrusion alerts reported by intrusion detection systems …
Alert correlation survey: framework and techniques
R Sadoddin, A Ghorbani - … of the 2006 international conference on …, 2006 - dl.acm.org
Managing raw alerts generated by various sensors is becoming of more significance to
intrusion detection systems as more sensors with different capabilities are distributed …