Manganaris, S., Christensen, M., Zerkle, D., and Hermiz, K. 2000. A data mining analysis of RTID alarms. Computer Networks 34, 571--577.


This paper is cited in the following contexts:
Mining Intrusion Detection Alarms for Actionable Knowledge - Julisch, Dacier (2002)   (9 citations)

....analyze the events occurring in a computer system. IDSs trigger alarms when they detect signs of security violations. The response to such security incidents is site dependent, but typically includes lawsuits, firewall reconfigurations, and the fixing of discovered vulnerabilities. Practitioners [9, 33] as well as researchers [8, 11, 30] have observed that IDSs can easily trigger thousands of alarms ....

....to 99 of which are false positives (i.e. alarms that were triggered incorrectly by benign events). This flood of mostly false alarms has made it very difficult to identify the (hidden) true attacks. For example, the manual investigation of alarms has been found to be labor intensive and error prone [9, 12, 33]. Tools to automate alarm investigation are being developed [12, 14, 42] but there is currently no silver bullet solution to this problem. This paper shows that data mining can be used to support and partially automate the investigation of intrusion detection alarms. Specifically, we mine ....

[Article contains additional citation context not shown here]

S. Manganaris, M. Christensen, D. Zerkle, and K. Hermiz. A Data Mining Analysis of RTID Alarms. Computer Networks, 34(4), October 2000.


Dealing with False Positives in Intrusion Detection - Julisch (2000)   (1 citation)

....Even though this is probably the way to go in the long run, for the time being, the necessary IDSs as well as the infrastructure to manage them are still in their infancy. Therefore, it has been suggested to build filters that autonomously remove false positives to relieve the security personnel [5]. This is the approach I will discuss in my talk. Note that a filter can be considered a second level IDS. Accordingly, there are two fundamental ways to build a filter: Either one uses knowledge about how to detect noteworthy alarms (knowledge based approach) or one models the normal alarm ....

....to build a filter: Either one uses knowledge about how to detect noteworthy alarms (knowledge based approach) or one models the normal alarm behavior and flags everything that stands out from the norm (behavior based approach) S. Manganaris et al. have used the second approach to build a filter [5]. I will present a hybrid approach. The rationale for a hybrid approach stems from first experiments I have conducted on nearly 40 MB of NetRanger [6] alarm data collected from five different sensors over a period of ten days. As a general rule, I observed that the five most frequent alarms ....

S. Manganaris, M. Christensen, D. Zerkle, and K. Hermiz. A Data Mining Analysis of RTID Alarms. Presented at RAID, 2nd Workshop on Recent Advances in Intrusion Detection, Sept. 7-9, 1999. URL: http://www.raid-symposium.org/raid99/index.html


Evaluating Intrusion Detection Systems: The 1998.. - Lippmann, Fried.. (2000)   (3 citations)

....this system was more than 3,000 false alarms per day to detect roughly 5 of the approximately 30 attack instances. Experience with a commercial keyword based system on many commercial sites also suggests that false alarm rates of thousands per day per site are required for good detection accuracy [22]. An analysis of the research systems, and experiments with the baseline system suggest that two characteristics of the research systems and of the evaluation led to improved performance of the research systems. First, attack signatures were similar between training and test data. Although new ....

S. Manganaris, M. Christensen, D. Zerkle, and K. Hermiz, "A Data Mining Analysis of RTID Alarms," in Proceedings of the 2nd International Workshop on Recent Advances in Intrusion Detection (RAID 99), West Lafayette, Indiana, Sept 1999.


Intrusion Detection Systems: A Survey and Taxonomy - Axelsson (2000)   (21 citations)

....(MIDAS, NADIR, Haystack) are all of the type that make signature programmed default permit decisions on anomaly data. One could of course conceive of another type of detector that detects anomalies from signature data (or alarms in this case) and indeed one such system has been presented in [MCZH99] but unfortunately the details of this particular system are so sketchy as to preclude further classification here. It is probable that the detection thresholds of these systems, at least in the lower tier, can be lowered (the systems made more sensitive) because any false alarms at this ....

Stefanos Manganaris, Marvin Christensen, Dan Zerkle, and Keith Hermiz. A data mining analysis of RTID alarms. In 2nd International Workshop on Recent Advances in Intrusion Detection, West Lafayette, Indiana, USA, 7--9 September 1999. Purdue University, CERIAS.


Techniques and Tools for Analyzing Intrusion Alerts - Ning, Cui, Reeves, Xu (2004)   (1 citation)

No context found.

Manganaris, S., Christensen, M., Zerkle, D., and Hermiz, K. 2000. A data mining analysis of RTID alarms. Computer Networks 34, 571--577.


Analyzing Intensive Intrusion Alerts Via Correlation - Peng Ning Yun (2002)   (1 citation)

No context found.

Manganaris, S., Christensen, M., Zerkle, D., Hermiz, K.: A data mining analysis of RTID alarms. Computer Networks 34 (2000) 571--577


Using Adaptive Alert Classification to Reduce False Positives.. - Pietraszek (2004)

No context found.

Manganaris, S., Christensen, M., Zerkle, D., Hermiz, K.: A Data Mining Analysis of RTID Alarms. Computer Networks: The International Journal of Computer and Telecommunications Networking 34 (2000) 571--577.


Mining Alarm Clusters to Improve Alarm Handling Efficiency - Julisch (2001)   (9 citations)

No context found.

S. Manganaris et al. A Data Mining Analysis of RTID Alarms. In 2nd Workshop on Recent Advances in Intrusion Detection, 1999. http://www.raid-symposium.org/raid99/index.html.


Anomaly Detection Using Data Mining - Singh (1999)

No context found.

Stefanos Manganaris, Marvin Christensen, Dan Zerkle, and Keith Hermiz. "A Data Mining Analysis of RTID Alarms." Computer Networks 34 (2000) 571--577.


Applications of Hidden Markov Models to Detecting.. - Ourston, Matzner.. (2003)

No context found.

Manganaris, S., et al.: A Data Mining Analysis of RTID Alarms. In: 2nd International Workshop on Recent Advances in Intrusion Detection. Purdue University, West Lafayette, Indiana, USA (1999)


MINDS - Minnesota Intrusion Detection System - Ertöz, Eilertson, Lazarevic..

No context found.

Stefanos Manganaris, Marvin Christensen, Dan Zerkle, and Keith Hermiz. A data mining analysis of RTID alarms. In Proceedings of the 2nd International Workshop on Recent Advances in Intrusion Detection (RAID), West Lafayette, IN, 1999.


Intrusion Detection: A Bibliography - Mé, Michel (2001)

No context found.

Manganaris, S., Christensen, M., Zerkle, D., and Hermiz, K. (1999). A Data Mining Analysis of RTID Alarms. Web proceedings of the 2nd International Workshop on Recent Advances in Intrusion Detection (RAID'99), http://www.raid-symposium.org/raid99.

CiteSeer.IST - Copyright Penn State and NEC