The need for higher-level reasoning capabilities beyond low-level sensor abilities has prompted researchers to use different types of sensor fusion techniques for better situational awareness in the intrusion detection environment. These techniques primarily vary in terms of their mission objectives. Some prioritize alerts for alert reduction, some cluster alerts to identify common attack patterns, and some correlate alerts to identify multi-staged attacks. Each of these tasks has its own merits. Unlike previous efforts in this area, this dissertation combines the primary tasks of sensor alert fusion, i.e., alert prioritization, alert clustering and alert correlation, into a single framework such that individual results are used to quantify ...
Distributed intrusion detection systems (IDS) are primarily deployed across the network to monitor,...
Intrusion Detection Systems are designed to monitor a network environment and generate alerts whenev...
Alert correlation is a process that analyzes the raw alerts produced by one or more intrusion detect...
Abstract- Alert fusion is a promising research area in information assurance today. To increase trus...
Abstract. The area of alert fusion for strengthening information assurance in systems is a promising...
Managing and supervising security in large networks has become a challenging t...
Cybercrime damage costs the world several trillion dollars annually. And although technic...
This paper is an extension of work originally presented in WITS-2017 CONF. We extend our previous wo...
Most intrusion detection systems available today are using a single audit source for detection, even...
The purpose of an intelligent alarm analysis system is to provide complete and manageable informatio...
Currently, the primary and pressing issue in IDS implementation is the enormous number of alerts gen...
Abstract: Large Critical Complex Infrastructures are increasingly dependent on IP networks. Reliabil...
The tremendous increase in usage and complexity of modern communication and network systems connecte...
Traditional intrusion detection systems (IDSs) focus on low-level attacks or anomalies, and raise ale...
Several alert correlation methods were proposed in the past several years to construct high-level at...