Al-Mamory et al., 2007 - Google Patents
Scenario discovery using abstracted correlation graphAl-Mamory et al., 2007
View PDF- Document ID
- 1369744642501237323
- Author
- Al-Mamory S
- Zhang H
- Publication year
- Publication venue
- 2007 International Conference on Computational Intelligence and Security (CIS 2007)
External Links
Snippet
Safaa O. Al-Mamory Hong Li Zhang School of Computer Science, School of Computer Science, Harbin Institute of technology, Harbin Institute of technology, Harbin, China Harbin, China Safaa_vb@ yahoo. com zhl@ pact518. hit. edu. cn Abstract Intrusion alert correlation …
- 238000000034 method 0 abstract description 8
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/26—Monitoring arrangements; Testing arrangements
- H04L12/2602—Monitoring arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2201/00—Indexing scheme relating to error detection, to error correction, and to monitoring
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Patcha et al. | An overview of anomaly detection techniques: Existing solutions and latest technological trends | |
| Ning et al. | Intrusion detection techniques | |
| EP1995929B1 (en) | Distributed system for the detection of eThreats | |
| Rahman et al. | Adaptive intrusion detection based on boosting and naïve Bayesian classifier | |
| JP5248612B2 (en) | Intrusion detection method and system | |
| Karimi et al. | Feature ranking in intrusion detection dataset using combination of filtering methods | |
| Lagraa et al. | BotGM: Unsupervised graph mining to detect botnets in traffic flows | |
| Ning et al. | Hypothesizing and reasoning about attacks missed by intrusion detection systems | |
| CN101931570A (en) | A Network Attack Path Reconstruction Method Based on Frequent Pattern Growth Algorithm | |
| Gupta | An effective model for anomaly IDS to improve the efficiency | |
| Yan et al. | Early detection of cyber security threats using structured behavior modeling | |
| Lee et al. | Real-time analysis of intrusion detection alerts via correlation | |
| Balogun et al. | Anomaly intrusion detection using an hybrid of decision tree and K-nearest neighbor | |
| CN117668828A (en) | Malicious event detection method, device, equipment and computer readable storage medium | |
| Dwivedi et al. | Event correlation for intrusion detection systems | |
| CN115484062A (en) | Threat detection method, device and equipment based on APT attack graph | |
| Saboori et al. | Automatic firewall rules generator for anomaly detection systems with Apriori algorithm | |
| Lagzian et al. | Frequent item set mining-based alert correlation for extracting multi-stage attack scenarios | |
| El-Taj et al. | Intrusion detection and prevention response based on signature-based and anomaly-based: Investigation study | |
| Al-Mamory et al. | Scenario discovery using abstracted correlation graph | |
| Yongtang et al. | A multi-step attack-correlation method with privacy protection | |
| Al-Mamory et al. | New data mining technique to enhance IDS alarms quality | |
| Jakhale | Design of anomaly packet detection framework by data mining algorithm for network flow | |
| Nisha et al. | Sequential pattern analysis for event-based intrusion detection | |
| Li et al. | Discovering novel multistage attack strategies |