Anti-correlation as a criterion to select appropriate counter-measures in an intrusion detection framework

Cuppens, Frédéric; Autrel, Fabien; Bouzida, Yacine; García, José A.; Gombault, Sylvain; Sans, Thierry

doi:10.1007/bf03219974

Cited by 27 publications

(17 citation statements)

References 7 publications

(5 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Let us start by having a look to the main components of our attack prevention system [1,3]. A description of each component is presented in the following.…”

Section: Proposed Architecturementioning

confidence: 99%

“…All possible classifications and their respective attributes must be known by all the components of the system (i.e., analyzers and managers) and all analyzers must be capable of deriving instances of local events of arbitrary types. This way, the correlation process presented in [1,3] can be realized.…”

Section: Proposed Architecturementioning

confidence: 99%

“…It is therefore necessary to distribute a set of managers which are going to be in charge of executing a complete process to fuse, merge, and correlate the received information [1,3]. During a first stage, all the alerts associated to a single event, but reported by different analyzers, should be grouped and transformed into a single instance that uniquely identifies the occurrence of a single action in the system.…”

Section: Proposed Architecturementioning

confidence: 99%

“…Then, in a second stage, a correlation process allows the correlation of information between different alerts by looking to those logical links between single occurrences or actions in the system. The process presented in [1] shows how it is possible to implement this correlation process in order to find out which objectives are going to follow after these actions, and which possible countermeasures can be selected by the system in order to stop or neutralize malicious actions.…”

Section: Proposed Architecturementioning

confidence: 99%

“…In [1,3], we presented an attack prevention framework that is targeted at detecting as well as reacting to distributed and coordinated attack scenarios. Our approach is based on gathering and correlating information held by multiple sources.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Distributed Exchange of Alerts for the Detection of Coordinated Attacks

García

Jaeger

Miihl

et al. 2008

6th Annual Communication Networks and Services Research Conference (Cnsr 2008)

View full text Add to dashboard Cite

Attacks and intrusions to information systems cause large revenue losses. The prevention of these attacks is not always possible by just considering information from isolated sources of the network. A global view of the whole system is necessary to react against the different actions of such an attack. The design and deployment of a decentralized system targeted at detecting as well as reacting to information system attacks might benefit from the use of the publish/subscribe model. In this paper, we discuss the advantages and convenience in using this communication paradigm for a general decentralized attack prevention framework and overview the design and implementation of our approach by using a combination of two different publish/subscribe middleware products. Furthermore, we present a quantitative evaluation of our approach.

show abstract

“…Let us start by having a look to the main components of our attack prevention system [1,3]. A description of each component is presented in the following.…”

Section: Proposed Architecturementioning

confidence: 99%

Section: Proposed Architecturementioning

confidence: 99%

Section: Proposed Architecturementioning

confidence: 99%

Section: Proposed Architecturementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Distributed Exchange of Alerts for the Detection of Coordinated Attacks

García

Jaeger

Miihl

et al. 2008

6th Annual Communication Networks and Services Research Conference (Cnsr 2008)

View full text Add to dashboard Cite

show abstract

Towards Dynamic Risk Management: Success Likelihood of Ongoing Attacks

Kanoun¹,

Dubus²,

Papillon³

et al. 2012

Bell Labs Tech. J.

View full text Add to dashboard Cite

Solitary intrascrotal neurofibroma: A case diagnosed on aspiration cytology

Gupta

Singh

et al. 2010

Diagnostic Cytopathology

View full text Add to dashboard Cite

Solitary neurofibroma of the scrotum is exceedingly rare and very few cases of this unusual occurrance have been reported till date. None of the previously reported cases had a preoperative cytologic diagnosis. A young man presented with an eight-month history of right scrotal swelling. Fine-needle aspiration cytology showed a spindle cell tumor with fibrillary matrix and wavy slender nuclei. A cytologic diagnosis of benign nerve sheath tumor was rendered. The patient underwent surgical excision of the mass and histopathologic examination confirmed the diagnosis of a neurofibroma. This case is the first reported instance of aspiration cytologic diagnosis of intrascrotal neurofibroma. This rare tumor should be considered in the cytologic differential diagnoses of testicular and paratesticular tumors.

show abstract

Anti-correlation as a criterion to select appropriate counter-measures in an intrusion detection framework

Cited by 27 publications

References 7 publications

Distributed Exchange of Alerts for the Detection of Coordinated Attacks

Distributed Exchange of Alerts for the Detection of Coordinated Attacks

Towards Dynamic Risk Management: Success Likelihood of Ongoing Attacks

Solitary intrascrotal neurofibroma: A case diagnosed on aspiration cytology

Contact Info

Product

Resources

About