The premise of automated alert correlation is to accept that false alerts from a low level intrusion detection system are inevitable and use attack models to explain the output in ...
To defend against multi-step intrusions in high-speed networks, efficient algorithms are needed to correlate isolated alerts into attack scenarios. Existing correlation methods us...
Current intrusion detection systems point out suspicious states or events but do not show how the suspicious state or events relate to other states or events in the system. We sho...
Samuel T. King, Zhuoqing Morley Mao, Dominic G. Lu...
: Network intrusion detection systems are themselves becoming targets of attackers. Alert flood attacks may be used to conceal malicious activity by hiding it among a deluge of fa...
By looking on how computer security issues are handled today, dealing with numerous and unknown events is not easy. Events need to be normalized, abnormal behaviors must be describ...