—The complexity of modern networked information systems, as well as all the defense-in-depth best practices, require distributed intrusion detection architectures relying on the ...
: Network intrusion detection systems are themselves becoming targets of attackers. Alert flood attacks may be used to conceal malicious activity by hiding it among a deluge of fa...
Alert correlation systems are post-processing modules that enable intrusion analysts to find important alerts and filter false positives efficiently from the output of Intrusion...
Accurate identification of misuse is a key factor in determining appropriate ways to protect systems. Modern intrusion detection systems often use alerts from different sources su...
Current intrusion detection systems point out suspicious states or events but do not show how the suspicious state or events relate to other states or events in the system. We sho...
Samuel T. King, Zhuoqing Morley Mao, Dominic G. Lu...