R. Giomundo scite author profile

In this paper, we present a method of handling the visualization of hetereogeneous event traffic that is generated by intrusion detection sensors, log files and other event sources on a computer network from the point of view of detecting multistage attack paths that are of importance. We perform aggregation and correlation of these events based on their semantic content to generate Attack Tracks that are displayed to the analyst in real-time. Our tool, called the Event Correlation for Cyber-Attack Recognition System (EC-CARS) enables the analyst to distinguish and separate an evolving multistage attack from the thousands of events generated on a network. We focus here on presenting the environment and framework for multistage attack detection using ECCARS along with screenshots that demonstrate its capabilities.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

R. Giomundo

Real-Time Multistage Attack Awareness Through Enhanced Intrusion Alert Clustering

Understanding multistage attacks by attack-track based visualization of heterogeneous event streams

Contact Info

Product

Resources

About