Intrusion detection products that are currently available only provide support in terms of intrusion prevention and intrusion detection. We discuss the limitations of current Intrusion Detection System technology and propose a hierarchical event correlation approach to overcome those limitations. The proposed solution detects attack scenarios by collecting different information at several architectural levels, using distributed security probes, to perform complex event correlation and diagnosis analysis of intrusion symptoms. The escalation process from intrusion symptoms to the identified target and cause of the intrusion is driven by an ontology.
Generally, the intruder must perform several actions, organized in an intrusio...
Alert correlation is a process that analyzes the raw alerts produced by one or more intrusion detect...
Several alert correlation methods were proposed in the past several years to construct high-level at...
Intrusion detection products that are currently available only provide support in terms of intrusion...
The purpose of this work is to improve intrusion detection techniques by developing a more general f...
Cloud computing is a new business model, which represents an opportunity for users, companies, and p...
This work presents a generic Intrusion Detection and Diagnosis System, which implements a comprehens...
Currently available products only provide some support in terms of Intrusion Prevention and Intrusio...
Despite the increased focus on security, complex networked systems remain vulnerable to attacks. Int...
Alert correlation is a process that analyzes the alerts produced by one or more intrusion detection ...
The notion of event correlation has been around for some time. Most recently, event correlation has ...
Intrusion alert correlation is a multi-step process that receives alerts from heterogeneous log reso...