Abstract: Traditional intrusion detection systems (IDSs) focus on low-level attacks
or anomalies, and raise alerts independently, though there may be logical
connections between them. In situations where there are intensive intrusions, not
only will actual alerts be mixed with false alerts, but the amount of alerts will
also become unmanageable. As a result, it is difficult for human users or intrusion
response systems to understand the alerts and take appropriate actions.
Similar documents based on text:
0.5: Constructing Attack Scenarios through Correlation of.. - Ning, Cui, Reeves (2002)
0.4: An Intrusion Alert Correlator Based on Prerequisites of Intrusions - Ning, Cui (2002)
0.4: Correlating Alerts Using Prerequisites of Intrusions - Ning, Reeves, Cui (2001)
Related documents from co-citation:
5: Probabilistic alert correlation - Valdes, Skinner
5: A requires/provides model for computer attacks - Templeton et al. - 2000
5: Alert correlation in a cooperative intrusion detection framework - Cuppens, Miege - 2002
BibTeX entry:
P. Ning, Y. Cui, and D. S. Reeves. Analyzing intensive intrusion alerts via correlation. In Proc. of the 5th Int'l Symposium on Recent Advances in Intrusion Detection (RAID 2002. http://citeseer.ist.psu.edu/article/ning02analyzing.html
@misc{ ning02analyzing,
author = "P. Ning and Y. Cui and D. Reeves",
title = "Analyzing intensive intrusion alerts via correlation",
text = "P. Ning, Y. Cui, and D. S. Reeves. Analyzing intensive intrusion alerts
via correlation. In Proc. of the 5th Int'l Symposium on Recent Advances
in Intrusion Detection (RAID 2002.",
year = "2002",
url = "citeseer.ist.psu.edu/article/ning02analyzing.html" }
Citations (may not include all citations):
105: State transition analysis: A rule-based intrusion detection .. - Ilgun, Kemmerer et al. - 1995
62: The NIDES statistical component: Description and justificati.. - Javits, Valdes - 1993
50: NetSTAT: A network-based intrusion detection system - Vigna, Kemmerer - 1999
40: Aggregation and correlation of intrusion-detection alerts - Debar, Wespi - 2001
38: Probabilistic alert correlation - Valdes, Skinner - 2001
36: Practical automated detection of stealthy portscans - Staniford, Hoagland et al. - 2002
22: Abstraction-based misuse detection: High-level specification.. - Lin, Wang et al. - 1998
20: LAMBDA: A language to model a database for detection of atta.. - Cuppens, Ortalo - 2000
17: A requires/provides model for computer attacks - Templeton et al. - 2000
16: Fusing a heterogeneous alert stream into scenarios - Dain, Cunningham - 2001
13: A data mining analysis of RTID alarms - Manganaris, Christensen et al. - 2000
9: Macmillan Technology Publishing - Bace - 2000
8: Abstraction-based intrusion detection in distributed environ.. - Ning, Jajodia et al. - 2001
6: An intrusion alert correlator based on prerequisites of intr.. - Ning, Cui - 2002
4: Correlating alerts using prerequisites of intrusions - Ning, Reeves et al. - 2001
2: DEFCON: Def con capture the flag - con, flag et al. - 2000
1: intrusion detection evaluation datasets - Lab - 2000
http://www.iss.net
http://www.research.att.com/sw/tools/graphviz/
Documents on the same site (http://osl.csc.ncsu.edu/research/tech-reports/README.html):
The Expected Size of the Sphere-of-Influence Graph - Dwyer (1995)
Affordances for Acting in Direct Manipulation Interfaces - Amant (1998)
HiPeR-l: A High Performance Reservation Protocol with.. - Sivaraman, Rouskas (1996)
CiteSeer.IST - Copyright Penn State and NEC