Network operation consists largely of reacting to activities happening in the network; the better the network is known at any given time, the more appropriate the reaction can be. Using intrusion detection as the example, we show how context-based correlation of such activities can provide a more detailed view of the network in less time. We first present how we model context and then describe the architecture of the Stanford University CEP context-based correlator. Correlation is specified as event patterns in a declarative language that lets us state what needs to be detected rather than how it should be detected. CEP introduces the concept of causal context to intrusion detection. The correlator is able to process events on...
Intrusion alert correlation is a multi-step process that receives alerts from heterogeneous log reso...
Current intrusion detection systems face the problem of generating too many false a...
Network Intrusion Detection Systems (NIDS) are designed to safeguard the security needs of enterpris...
Generally, the intruder must perform several actions, organized in an intrusio...
Complementary security systems are widely deployed in networks to protect digital assets. Alert corr...
Managing and supervising security in large networks has become a challenging t...
With the growing deployment of host-based and network-based intrusion detection systems in increasin...
Much computer communications activity is invisible to the user, happening without explicit permissio...
Alert correlation is a process that analyzes the alerts produced by one or more intrusion detection ...
Alert correlation is a process that analyzes the raw alerts produced by one or more intrusion detect...
In large distributed information systems, alert correlation systems are necess...
The purpose of this work is to improve intrusion detection techniques by developing a more general f...
Network intrusion detection sensors are usually built around low level models of network traffic. Th...
An intrusion detection system (IDS) performs post-compromise detection of security breaches whenever p...
Alert correlation is a high-level alert evaluation technique for managing large volumes of irrele...