Abstract: This article presents a new approach for handling intrusion
detection alarms more efficiently. Central to this approach is the notion that each alarm occurs for
a reason, which is referred to as the alarm's root causes. This article observes that a few dozens
of rather persistent root causes generally account for over 90% of the alarms that an intrusion
detection system triggers. Therefore, we argue that alarms should be handled by identifying and
removing the most predominant and persistent root ...
Cited by:
The Work of Intrusion Detection: Rethinking The Role (2004)
Preserving the Big Picture: Visual Network Traffic Analysis... - John Goodall Wayne (2006)
Alert Correlation through Triggering Events and Common Resources - Dingbang Xu And
Similar documents based on text:
0.8: Mining Alarm Clusters to Improve Alarm Handling Efficiency - Julisch (2001)
0.5: Unknown - Data Mining For
0.3: Mining Intrusion Detection Alarms for Actionable Knowledge - Julisch, Dacier (2002)
Related documents from co-citation:
6: Snort - Lightweight Intrusion Detection for Networks (context) - Roesch - 1999
5: Aggregation and Correlation of Intrusion-Detection Alerts (context) - Debar, Wespi
4: Intrusion and intrusion detection (context) - McHugh - 2001
BibTeX entry:
Julisch, K. (2003) Clustering Intrusion Detection Alarms to Support Root Cause Analysis, ACM Transactions on Information and System Security, 6, 4, 443-471. http://citeseer.ist.psu.edu/julisch02clustering.html
@misc{ julisch03clustering,
author = "K. Julisch",
title = "Clustering Intrusion Detection Alarms to Support Root Cause Analysis",
text = "Julisch, K. (2003) Clustering Intrusion Detection Alarms to Support Root
Cause Analysis, ACM Transactions on Information and System Security, 6,
4, 443-471.",
year = "2003",
url = "citeseer.ist.psu.edu/julisch02clustering.html" }
Documents on the same site (http://www.zurich.ibm.com/~kju/):
Unknown - Top-Down Query Optimizers
Mining Intrusion Detection Alarms for Actionable Knowledge - Julisch, Dacier (2002)
Mining Alarm Clusters to Improve Alarm Handling Efficiency - Julisch (2001)
CiteSeer.IST - Copyright Penn State and NEC