Correlated Alerts and Non-Intrusive Alerts

Dhanakoti, V.; Nedunchezh, R.

doi:10.3923/ijscomp.2012.302.309

Cited by 5 publications

(4 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For the massive security data issues, Tiwari [1] reviewed the new challenges for information security after the information explosion, and Liu [2] proposed the method of monitoring network security events using network security big data. Alert correlated analysis in big data analyzes the massive altering messages generated by detecting tools, it mainly focuses on alert aggregation, attack validation, and alert correlation, which deploys the alarm attribute similarity calculation method [3] [4]. The network and host security correlation analysis methods reference the ideas of recommendation algorithms, which associate host information in network based on the similarity of network node flow and host abnormality degrees [5] [6].…”

Section: Introductionmentioning

confidence: 99%

A Framework for Big Data Security Analysis and the Semantic Technology

Yao

Zhang

et al. 2016

2016 6th International Conference on IT Convergence and Security (ICITCS)

View full text Add to dashboard Cite

The emerging security analysis challenge in big data environment is getting more attention of security industry and research institute. The current problems are mainly about the volume of security data and the understanding of the data. To solve the problems, we should employ the big data technology, and meantime, consider the semantic processing methods. In this paper, we combine the big data processing with semantic methods and propose a framework for security analysis in big data era with semantics. In this framework, we can merge multisources security data, and process and analyze data using semantic connection knowledge, which is supposed to understand security data semantically and process data with semantic association and inference methods. The proposed framework can be worked with current threat intelligence sharing and exchanging mechanism.

show abstract

Section: Introductionmentioning

confidence: 99%

A Framework for Big Data Security Analysis and the Semantic Technology

Yao

Zhang

et al. 2016

2016 6th International Conference on IT Convergence and Security (ICITCS)

View full text Add to dashboard Cite

show abstract

“…In anomalybased case, they need learning process and detection is more complex. In addition, attack detection techniques are far from satisfactory [1]. In fact, solutions like IDSs provide unmanageable amount of alarms to security administrators and these thousands of alarms by day are hard to inspect especially if the majority of them are false positives.…”

Section: Introductionmentioning

confidence: 99%

Toward a novel classification-based attack detection and response architecture

Souissi

2015

2015 6th International Conference on the Network of the Future (NOF)

View full text Add to dashboard Cite

International audienceAttacks on information systems have increased tremendously and have become more diverse and complex. Evolving in an unpredictable manner and having devastating outcomes, the detection and the selection of appropriate countermeasures has become a priority for security analysts. This paper introduces a classification-based Attack Detection system which provides a framework to evaluate, identify, classify and defend against sophisticated attacks. Our approach helps simplify complex rules' expression and alert handling, thanks to a modular architecture and an intuitive rules defining with a high power of expression language. The proposed system is flexible and takes into account several attack properties in order to simplify attack handling and aggregate defense mechanisms

show abstract

“…For a matter of formalism simplicity and better performances, some approaches offer adapted solutions for a kind or two of attacks or a certain type of flow. However, unlike attacks that evolve very quickly, they are neither extensible nor scalable and they are far from satisfactory [1]. Moreover, actually, many security devices are from different constructors, open source or not, offering different formalisms.…”

Section: Introductionmentioning

confidence: 99%

Toward a novel rule-based attack description and response language

Souissi

2015

2015 11th International Conference on Information Assurance and Security (IAS)

View full text Add to dashboard Cite

In recent years, attacks have become more diverse and complex, their detection has emerged as a major issue and a primary security challenge. There is a need to represent and share information about these attacks. This paper presents a new language for attack detection and response. The objective is to simplify complex rules' expression, thanks to a modular and intuitive syntax that gives a high power of expression. The originality of our approach is that rules' syntax can be deduced from a certain behavior or automatically generated from a valid behavioral scenario. The paper presents the main concepts behind the proposed approach that deals with the growing complexity of information systems, applications and attacks.

show abstract

Correlated Alerts and Non-Intrusive Alerts

Cited by 5 publications

References 8 publications

A Framework for Big Data Security Analysis and the Semantic Technology

A Framework for Big Data Security Analysis and the Semantic Technology

Toward a novel classification-based attack detection and response architecture

Toward a novel rule-based attack description and response language

Contact Info

Product

Resources

About