Accurate identification of misuse is a key factor in determining appropriate ways to protect systems. Modern intrusion detection systems often use alerts from different sources su...
Abstract. Correlating security alerts and discovering attack strategies are important and challenging tasks for security analysts. Recently, there have been several proposed techni...
We present an architecture1 designed for alert verification (i.e., to reduce false positives) in network intrusion-detection systems. Our technique is based on a systematic (and a...
Current information protection systems only detect and warn against individual intrusion, and are not able to provide a collective and synthesized alert message. In this paper, we ...
Keun-Hee Han, Il-Gon Kim, Kang-Won Lee, Ji-Yeon Ch...
Originally published at Usenix LISA 2004 conference. November 2004 Atlanta, Georiga, USA. Log analysis is an important way to keep track of computers and networks. The use of auto...