Mining Intrusion Detection Alarms for Actionable Knowledge (2002)  (9 citations)
Klaus Julisch, Marc Dacier



View or download:
unsw.edu.au/~qzhang/papers/221.pdf
ibm.com/~kju/KDD2002.pdf

From:  unsw.edu.au/~qzhang/papers/

Abstract: In response to attacks against enterprise networks, administrators increasingly deploy intrusion detection systems. These systems monitor hosts, networks, and other resources for signs of security violations. The use of intrusion detection has given rise to another difficult problem, namely the handling of a generally large number of alarms. In this paper, we mine historical alarms to learn how future alarms can be handled more efficiently. First, we investigate episode rules with respect to their...
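The abstract describes mining historical alarms for patterns that let future alarms be handled more efficiently, and names episode rules as the first technique examined. The block below is an added worked example, not code from the paper or from CiteSeer: a minimal sliding-window miner for frequent parallel episodes and episode rules in the style of Mannila, Toivonen and Verkamo (cited in the reference list below), run over a constructed alarm log. The alarm types, timestamps, window width and thresholds are all made up for illustration.

```python
"""Frequent parallel episodes and episode rules over an IDS alarm stream.

Added worked example (not code from the paper): a minimal WINEPI-style
sliding-window miner applied to a constructed alarm log.
"""
from collections import defaultdict
from itertools import combinations

# Constructed sample alarm stream: (timestamp in seconds, alarm type).
# These are made-up events for illustration only, not data from the paper.
ALARMS = [
    (0, "PORTSCAN"), (2, "SSH_BRUTE"), (5, "ROOT_LOGIN"),
    (20, "PORTSCAN"), (21, "SSH_BRUTE"), (26, "ROOT_LOGIN"),
    (40, "PORTSCAN"), (44, "SSH_BRUTE"),
    (60, "WEB_SCAN"), (61, "PORTSCAN"), (63, "SSH_BRUTE"), (68, "ROOT_LOGIN"),
    (90, "WEB_SCAN"),
    (100, "PORTSCAN"), (103, "SSH_BRUTE"), (105, "ROOT_LOGIN"),
]


def window_contents(alarms, width):
    """Return the set of alarm types seen in every sliding window.

    A window [s, s+width) is placed at every integer start s from
    (first_ts - width + 1) to last_ts inclusive, so each alarm falls in
    exactly `width` windows (the WINEPI convention, including partial
    windows at both ends of the stream).
    """
    times = [ts for ts, _ in alarms]
    first, last = min(times), max(times)
    wins = []
    for start in range(first - width + 1, last + 1):
        wins.append(frozenset(t for ts, t in alarms if start <= ts < start + width))
    return wins


def frequent_episodes(alarms, width, min_freq, max_size=3):
    """Level-wise (Apriori-style) discovery of frequent parallel episodes.

    Returns (counts, n_windows): counts maps each frequent episode (a
    frozenset of alarm types) to the number of windows that contain every
    type of the episode; an episode is frequent when
    counts[e] / n_windows >= min_freq.
    """
    wins = window_contents(alarms, width)
    n = len(wins)
    counts = {}
    candidates = [frozenset([t]) for t in sorted({t for _, t in alarms})]
    for k in range(1, max_size + 1):
        level = defaultdict(int)
        for w in wins:
            for c in candidates:
                if c <= w:          # every type of the episode occurs in the window
                    level[c] += 1
        frequent = {c: cnt for c, cnt in level.items() if cnt / n >= min_freq}
        if not frequent:
            break
        counts.update(frequent)
        # Next level: union of two frequent k-episodes that differ in one
        # type, kept only if every k-subset is itself frequent (a superset
        # of an infrequent episode can never be frequent).
        nxt = set()
        for a, b in combinations(frequent, 2):
            u = a | b
            if len(u) == k + 1 and all(frozenset(s) in frequent for s in combinations(u, k)):
                nxt.add(u)
        candidates = sorted(nxt, key=sorted)
    return counts, n


def episode_rules(counts, min_conf):
    """Derive rules beta -> alpha for every frequent alpha and proper
    subset beta, with confidence = count(alpha) / count(beta) >= min_conf,
    i.e. the fraction of windows containing beta that also contain alpha."""
    rules = []
    for alpha, ca in counts.items():
        for r in range(1, len(alpha)):
            for beta in combinations(sorted(alpha), r):
                beta = frozenset(beta)
                conf = ca / counts[beta]
                if conf >= min_conf:
                    rules.append((beta, alpha, conf))
    return rules


if __name__ == "__main__":
    counts, n = frequent_episodes(ALARMS, width=10, min_freq=0.1)
    for ep, c in sorted(counts.items(), key=lambda kv: (len(kv[0]), sorted(kv[0]))):
        print(f"{sorted(ep)}: {c}/{n} windows")
    for beta, alpha, conf in episode_rules(counts, min_conf=0.6):
        print(f"{sorted(beta)} -> {sorted(alpha)}  conf={conf:.2f}")
```

An episode that recurs in many windows, such as the portscan, SSH brute-force and root-login triple in the constructed log, is a candidate for a single aggregated alarm or a tuning rule, and a rule whose confidence is close to 1.0 says that the remaining alarms of the episode almost always accompany the antecedent. Two caveats before acting on such output: the window width decides what counts as "together", so it should be chosen from the attack timing one cares about rather than left at a default; and an episode can be frequent only because one sensor or one misconfigured host fires the same alarms all day, so the root cause of a frequent episode should be established before its alarms are suppressed.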

Cited by:
The Work of Intrusion Detection: Rethinking the Role of Security Analysts - Goodall, Lutters et al. (2004)
Preserving the Big Picture: Visual Network Traffic Analysis.. - Goodall, Lutters et al. (2006)
Building Attack Scenarios through Integration of Complementary Alert Correlation Methods - Ning, Xu et al. (2004)

Active bibliography (related documents):
0.6:   Using Adaptive Alert Classification to Reduce False Positives.. - Pietraszek (2004)
0.5:   An Overview of Document Mining Technology - Dixon (1997)
0.4:   Intrusion Detection: A Bibliography - Mé, Michel (2001)

Similar documents based on text:
0.3:   Dealing with False Positives in Intrusion Detection - Julisch (2000)
0.3:   Clustering Intrusion Detection Alarms to Support Root Cause.. - Julisch (2002)

Related documents from co-citation:
7:   Aggregation and Correlation of Intrusion-Detection Alerts - Debar, Wespi
6:   Probabilistic Alert Correlation - Valdes, Skinner
5:   Snort - Lightweight Intrusion Detection for Networks - Roesch - 1999

BibTeX entry:

K. Julisch and M. Dacier, "Mining Intrusion Detection Alarms for Actionable Knowledge," Proc. 8th ACM International Conference on Knowledge Discovery and Data Mining, Edmonton, July 2002. http://citeseer.ist.psu.edu/julisch02mining.html

@misc{ julisch02mining,
  author = "K. Julisch and M. Dacier",
  title = "Mining Intrusion Detection Alarms for Actionable Knowledge",
  text = "K. Julisch and M. Dacier, Mining Intrusion Detection Alarms for Actionable
    Knowledge, Proc. 8th ACM International Conference on Knowledge Discovery
    and Data Mining, Edmonton, July 2002.",
  year = "2002",
  url = "citeseer.ist.psu.edu/julisch02mining.html" }
Citations (may not include all citations):
349   Knowledge Acquisition Via Incremental Conceptual Clustering - Fisher - 1987
190   Data Clustering: A Review - Jain, Murty et al. - 1999
127   Discovery of Frequent Episodes in Event Sequences - Mannila, Toivonen et al. - 1997
123   Bro: A System for Detecting Network Intruders in Real-Time - Paxson - 1999
114   Data-Driven Discovery of Quantitative Rules in Relational Da.. - Han, Cai et al. - 1993
105   State Transition Analysis: A Rule-Based Intrusion Detection .. - Ilgun, Kemmerer et al. - 1995
98   ROCK: A Robust Clustering Algorithm for Categorical Attribut.. - Guha, Rastogi et al. - 2000
85   Discovering Generalized Episodes Using Minimal Occurrences - Mannila, Toivonen - 1996
55   Exploration of the Power of Attribute-Oriented Induction in .. - Han, Fu - 1996
49   Adaptive Fraud Detection - Fawcett, Provost - 1997
44   CACTUS -- Clustering Categorical Data Using Summaries - Ganti, Gehrke et al. - 1999
41   The SRI IDES Statistical Anomaly Detector - Javitz, Valdes - 1991
40   Aggregation and Correlation of Intrusion-Detection Alerts - Debar, Wespi - 2001
38   Probabilistic Alert Correlation - Valdes, Skinner - 2001
36   Toward Scalable Learning with Non-Uniform Class and Cost Dis.. - Chan, Stolfo - 1998
36   Practical Automated Detection of Stealthy Portscans - Staniford, Hoagland et al. - 2000
35   Conceptual Clustering in a First Order Logic Representation - Bisson - 1992
35   State of the Practice of Intrusion Detection Technologies - Allen, Christie et al. - 2000
33   Dynamic Generation and Refinement of Concept Hierarchies for.. - Han, Fu - 1994
32   Automated Construction of Classifications: Conceptual Cluste.. - Michalski, Stepp - 1983
25   Classification (Chapman and Hall) - Gordon - 1999
18   A Framework for Constructing Features and Models for Intrusi.. - Lee, Stolfo - 2000
16   Fusing Heterogeneous Alert Streams into Scenarios - Dain, Cunningham
15   Intrusion Detection (Macmillan Technical Publishing) - Bace - 2000
13   A Data Mining Analysis of RTID Alarms - Manganaris, Christensen et al. - 2000
10   Mining Alarm Clusters to Improve Alarm Handling Efficiency - Julisch - 2001
9   Criteria for Polynomial-Time (Conceptual) Clustering - Pitt, Reinke - 1987
9   A Revised Taxonomy for Intrusion Detection Systems - Debar, Dacier et al. - 2000
8   Detecting Novel Network Intrusions Using Bayes Estimators - Barbara, Wu et al. - 2001
8   A Knowledge Discovery Methodology for Telecommunication Netw.. - Klemettinen - 1999
6   Packets Found on an Internet (Computer Communications Review) - Bellovin - 1993
6   Developing Custom Intrusion Detection Filters Using Data Min.. - Clifton, Gengo
5   ADAM: Detecting Intrusions by Data Mining - Barbara, Couto et al. - 2001
4   Applications of Data Mining in Computer Security - Barbara, Jajodia - 2002
3   Generality-Based Conceptual Clustering with Probabilistic Co.. - Talavera, Bejar - 2001
2   Data Mining for Improving Intrusion Detection - Bloedorn, Hill et al. - 2000
2   Attribute-Oriented Induction and Conceptual Clustering - Heinonen, Mannila - 1996
1   Mining Event Data for Actionable Patterns - Hellerstein, Ma - 2000
1   IBM Outsourced Solution - Broderick (ed.) - 1998
1   How to Choose K Entries Among N - Hansen, Jaumard et al. - 1995
1   Data Mining Meets Network Management: The Nemesis Project - Garofalakis, Rastogi - 2001





Documents on the same site (http://www.cse.unsw.edu.au/~qzhang/papers/):
Single-shot Detection of Multiple Categories of Text using.. - Ueda, Saito (2002)
Relational Markov Models and their Application to Adaptive.. - Anderson, Domingos (2002)
A Model for Discovering Customer Value for E-Content - Jagannathan, Nayak.. (2002)


CiteSeer.IST - Copyright Penn State and NEC