Intrusion alert prioritisation and attack detection using post-correlation analysis