We map intrusion events to known exploits in the network attack graph, and correlate the events through the corresponding attack graph distances. From this, we construct attack sc...
Current intrusion detection systems point out suspicious states or events but do not show how the suspicious state or events relate to other states or events in the system. We sho...
Samuel T. King, Zhuoqing Morley Mao, Dominic G. Lu...
Complementary security systems are widely deployed in networks to protect digital assets. Alert correlation is essential to understanding the security threats and taking appropria...