Real-Time Multistage Attack Awareness Through Enhanced Intrusion Alert Clustering

Category: Security

Tags: real-time, network

Overview

Correlation and fusion of intrusion alerts to provide effective Situation Awareness of cyber-attacks has become an active area of research. Snort is the most widely deployed intrusion detection sensor. For many networks and their system administrators, the alerts generated by Snort are the primary indicators of network misuse and attacker activity. However, the volume of alerts generated in typical networks makes real-time attack scenario comprehension difficult. This paper presents an attack-stage oriented classification of alerts, using Snort as an example, and demonstrates that this effectively improves real-time Situation Awareness of multistage attacks. It also incorporates this scheme into a real-time attack detection framework and prototype presented by the authors in previous work and provides some results from testing against multistage attack scenarios.

Publisher: University at Buffalo
File Format: PDF
Date Published: Apr 11, 2008
Format: White Papers
Topics: Intrusion Detection Systems, Security Tools

Similar White Papers

Web Application Security: Automated scanning versus manual penetration testing

Research has shown that a vast number of Web sites are vulnerable to application attacks, most occurring over HTTP/S pro

Publisher: IBM  |  Tags: penetration testing

A Neural Network Based System for Intrusion Detection and Classification of Attacks

With the rapid expansion of computer networks during the past decade, security has become a crucial issue for computer s

Publisher: Queen's University  |  Tags: network

Security: New strides in preventing intrusions.

Need help eliminating risk in your IT environment? This ForwardView webshow describes how security appliances, which inc

Publisher: IBM

ATLANTIDES: An Architecture for Alert Verification in Network Intrusion Detection Systems

This paper presents an architecture designed for alert verification (i.e., to reduce false positives) in network intrus

Publisher: University of Twente  |  Tags: false positives, network, server

Using Artificial Intelligence in Intrusion Detection Systems

Artificial Intelligence could make the use of Intrusion Detection Systems a lot easier than it is today. They could lear

Publisher: Helsinki University of Technology

University at Buffalo White Papers

SpyCon: Emulating User Activities to Detect Evasive Spyware

The success of any spyware is determined by its ability to evade detection. Although traditional detection methodologies

Publisher: University at Buffalo  |  Tags: data, data mining, network, spyware

SWAN: A Secure Wireless LAN Architecture

Existing Wireless LAN (WLAN) security schemes are few and product specific. While there exist some schemes for Informati

Publisher: University at Buffalo

IT Investment Strategy

The 90's saw a period of unprecedented creativity and investment in IT, launched by the emergence of the Internet as a w

Publisher: University at Buffalo  |  Tags: search engine