Abstract: With the growing deployment of host and network intrusion detection systems, managing
reports from these systems becomes critically important. We present a probabilistic approach to alert
correlation, extending ideas from multisensor data fusion. Features used for alert correlation are based
on alert content that anticipates evolving IETF standards. The probabilistic approach provides a unified
mathematical framework for correlating alerts that match closely but not perfectly, where the...
Cited by:
The Work of Intrusion Detection: - Rethinking The Role (2004)
Techniques and Tools for Analyzing Intrusion Alerts - Ning, Cui, Reeves, Xu (2004)
A Comprehensive Approach to Intrusion Detection Alert.. - Valeur, Vigna.. (2004)
Similar documents (at the sentence level):
12.4%: Heterogeneous Sensor Correlation: A Case Study of Live.. - Andersson, Fong, Valdes (2002)
Active bibliography (related documents):
0.1: Raj Basu, Robert K. Cunningham, Senior Member, IEEE, - Seth Webster Richard (2001)
0.1: Detecting HTTP Tunneling Activities - Pack, Streilein, Webster, Cunningham (2002)
0.1: An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation.. - Mahoney, Chan (2003)
Similar documents based on text:
0.7: Adaptive, Model-based Monitoring for Cyber Attack Detection - Valdes, Skinner
0.4: An Adaptive Intrusion-Tolerant Server Architecture - Valdes, Almgren, Cheung.. (2001)
0.3: Simulation Analysis of a Notional Intrusion Tolerant System - Sy St Em
Related documents from co-citation:
27: Aggregation and Correlation of Intrusion-Detection Alerts - Debar, Wespi
21: Alert correlation in a cooperative intrusion detection framework - Cuppens, Miege - 2002
19: Practical automated detection of stealthy portscans - Staniford, Hoagland et al. - 2000
BibTeX entry:
A. Valdes and K. Skinner. Probabilistic alert correlation. In Recent Advances in Intrusion Detection (RAID http://citeseer.ist.psu.edu/593497.html
@article{ valdes01probabilistic,
author = "Alfonso Valdes and Keith Skinner",
title = "Probabilistic Alert Correlation",
journal = "Lecture Notes in Computer Science",
volume = "2212",
pages = "54--??",
year = "2001",
url = "citeseer.ist.psu.edu/593497.html" }
Citations (may not include all citations):
760: Probabilistic Reasoning in Intelligent Systems - Pearl - 1988
132: EMERALD: Event Monitoring Enabling Responses to Anomalous Li.. - Porras, Neumann - 1997
6: Adaptive, Model-based Monitoring for Cyber Attack Detection - Valdes, Skinner - 2000
1: Blue Sensors, Sensor Correlation, and Alert Fusion - Valdes, Skinner - 2000
1: National Infrastructure Protection Center advisory - Protection, http et al. - 2001
http://www.ietf.org/html.charters/idwg-charter.html
Documents on the same site (http://www.sdl.sri.com/users/valdes/):
An Adaptive Intrusion-Tolerant Server Architecture - Valdes, Almgren, Cheung.. (2001)
CiteSeer.IST - Copyright Penn State and NEC