Intrusion Detection Alert Correlation Techniques

Many intrusion detection technologies are complementary to each other. Alert correlation technology analyzes the alerts generated by different security products so that false alerts are greatly reduced, real attacks are more easily discerned and, accordingly, the workload on system administrators is largely relieved. Herein, the basic models and technologies of alert correlation are discussed, important correlation algorithms are analyzed, and the development trends of alert correlation technologies are predicted.
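The multi-product correlation the abstract describes, as an added illustration that is not code from the paper: raw alerts from two hypothetical sensors are aggregated into meta-alerts keyed on source, destination and attack class within a time window, and a meta-alert is only treated as corroborated when more than one product reported it. The sensor names, alert fields and sample alerts are all constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Alert:
    ts: datetime
    sensor: str   # which security product raised it (constructed names below)
    src: str
    dst: str
    sig: str      # normalized attack class shared across products


@dataclass
class MetaAlert:
    src: str
    dst: str
    sig: str
    first: datetime
    last: datetime
    sensors: set = field(default_factory=set)
    count: int = 0

    @property
    def corroborated(self) -> bool:
        # Reported independently by two or more products: far less likely a false alert.
        return len(self.sensors) >= 2


def correlate(alerts, window=timedelta(minutes=5)):
    """Fold raw alerts into meta-alerts: same (src, dst, sig) and within `window` of the last hit."""
    metas = []
    for a in sorted(alerts, key=lambda x: x.ts):
        for m in metas:
            if (m.src, m.dst, m.sig) == (a.src, a.dst, a.sig) and a.ts - m.last <= window:
                m.last, m.count = a.ts, m.count + 1
                m.sensors.add(a.sensor)
                break
        else:  # no open meta-alert matched: start a new one
            metas.append(MetaAlert(a.src, a.dst, a.sig, a.ts, a.ts, {a.sensor}, 1))
    return metas


# Constructed sample: a scan seen by a network sensor and then a host sensor,
# a single uncorroborated exploit alert, and a later scan outside the window.
T0 = datetime(2024, 1, 1, 12, 0, 0)
SAMPLE_ALERTS = [
    Alert(T0, "nids-A", "10.0.0.5", "10.0.0.20", "scan"),
    Alert(T0 + timedelta(minutes=1), "nids-A", "10.0.0.5", "10.0.0.20", "scan"),
    Alert(T0 + timedelta(minutes=1), "nids-A", "10.0.0.9", "10.0.0.20", "exploit"),
    Alert(T0 + timedelta(minutes=2), "nids-A", "10.0.0.5", "10.0.0.20", "scan"),
    Alert(T0 + timedelta(minutes=3), "hids-B", "10.0.0.5", "10.0.0.20", "scan"),
    Alert(T0 + timedelta(minutes=30), "nids-A", "10.0.0.5", "10.0.0.20", "scan"),
]


def correlate_sample():
    return correlate(SAMPLE_ALERTS)
```

Six raw alerts collapse to three meta-alerts, and only the scan reported by both sensors is flagged as corroborated.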