Detection of coordinated attacks using alert correlation model

Alserhani, Faeiz; Akhlaq, Monis; Awan, Irfan; Cullen, Andréa

doi:10.1109/pic.2010.5687402

Cited by 6 publications

(8 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…So, how pattern recognition systems learn is based on four learning pivots: pattern adaption, hybrid adaption, neural networks and statistical identification which are not necessarily independent. In some cases, a composition of these methods is used [14].…”

Section: Evidential Fusion For Improvement Of Cyber Threat Pattern Rementioning

confidence: 99%

Multi-level Fusion To Improve Threat Pattern Recognition In Cyber Defense

Rashidi¹,

Ahmadi²,

Jafari³

2014

J. Math. Computer Sci.

View full text Add to dashboard Cite

Considering fast growth of internet and related network infrastructures, it is important to detect the intrusion and respond to it in a timely manner. Network intrusion can make vital information systems and communication networks inaccessible and imposes high cost of communication infrastructures. In order to gain high degrees of success in providing services, current and future generation of networking and internet technologies, require a set of tools to analyze the network and to detect the threats and intrusion in network. Due to main weakness in terms of high rate of false alarms and low accuracy of detection, by which cyber space detection and identification systems are opposed, fusion theory in decision level provides a new method for data analysis from multiple nodes in order to increase the possibility of intrusion detection through improving pattern recognition. This paper aims to present a novel method of fusion in decision level based on complex event processing and show how this method would be successful in exposing cyber threats for timely response.

show abstract

Section: Evidential Fusion For Improvement Of Cyber Threat Pattern Rementioning

confidence: 99%

Multi-level Fusion To Improve Threat Pattern Recognition In Cyber Defense

Rashidi¹,

Ahmadi²,

Jafari³

2014

J. Math. Computer Sci.

View full text Add to dashboard Cite

show abstract

“…Both of them have their own advantages and disadvantages in detecting intrusion alerts. As highlighted, the correctness and accuracy of the alerts are questionable particularly if the majority of the alerts are false positives [2]. This is a main problem for security analyst when the IDSs are generating a large number of alerts daily with mixed false positives and repeated warning for the same attack or alert notifications from erroneous activity.…”

Section: Expert System and Data Miningmentioning

confidence: 99%

“…The hackers gain unauthorized access to user's system by taking advantage of network and system vulnerabilities and carry out malicious activities in order to gain profits and bolster their reputation. The current trend in cyber-attacks are hidden, coordinated and slow-and-low [2]. Hence, Intrusion Detection Systems (IDSs) are considered a vital security defense to analyze audit events such as log records, network packets and the like in order to detect and respond to the malicious network traffic and computer misuse.…”

Section: Introductionmentioning

confidence: 99%

A Comparative Study of Alert Correlations for Intrusion Detection

Leau

Ramadass

Manickam

et al. 2013

2013 International Conference on Advanced Computer Science Applications and Technologies

View full text Add to dashboard Cite

The prevalent use of computer applications and communication technologies has rising the numbers of network intrusion attempts. These malicious attempts including hacking, botnets and works are pushing organization networks to a risky atmosphere where the intruder tries to compromise the confidentiality, integrity and availability of resources. In order to detect these malicious activities, Intrusion Detection Systems (IDSs) have been widely deployed in corporate networks. IDSs play an important role in monitoring traffic behaviors in a computer network, identifying the anomalous activity and notifying the security analyst with current network status. Unfortunately, one of the IDSs' drawbacks is they produce a large number of false positives and nonrelevant positives alerts that could overwhelm the security analyst. Therefore, the process of analyzing alerts in order to provide a more synthetic and high-level view of the attempted intrusions is needed. This process is called Alert Correlation. In this paper, we present commonly used alert correlation approaches and highlight their advantages and disadvantages from various perspectives. Subsequently, we summarize some current alert correlation models with their alert correlation approach.

show abstract

“…In general, an attacker conducts the bots to launch a variety of types of attacks such as phishing and spamming with a botn et, and then receives benefits from a variety of aspects such as economy and social security. Most of methods to detect bot's activities according to predefined patterns and signatures retrieved from well-known bots 3,4,5,6,7,8 . Although signature-based approaches are able to detect bots accurately, it is difficult to detect botnet in real time.…”

Section: Introductionmentioning

confidence: 99%

Fast Parallel Network Packet Filter System based on CUDA

Hung

Guo²

2014

IJNDC

View full text Add to dashboard Cite

In recent years, with the rapid development of the network hardware and software, the network speed is enhanced to multi-gigabit. Network packet filtering is an important strategy of network security to avoid malicious attacks, and it is a computation-consuming application. Therefore, we develop two efficient GPGPU-based parallel packet classification approaches to filter packets by leveraging thousands of threads. The experiment results demonstrate that the computational efficiency of filtering packet can be significantly enhanced by using GPGPU.

show abstract

Detection of coordinated attacks using alert correlation model

Cited by 6 publications

References 11 publications

Multi-level Fusion To Improve Threat Pattern Recognition In Cyber Defense

Multi-level Fusion To Improve Threat Pattern Recognition In Cyber Defense

A Comparative Study of Alert Correlations for Intrusion Detection

Fast Parallel Network Packet Filter System based on CUDA

Contact Info

Product

Resources

About