2010 IEEE International Conference on Progress in Informatics and Computing 2010
DOI: 10.1109/pic.2010.5687402

Detection of coordinated attacks using alert correlation model

…, m.akhlaq, i.u.awan, a.j.cullen}@bradford.ac.uk

Abstract: Alerts correlation techniques have been widely used to provide intelligent and stateful detection methodologies. This is to understand attack steps and predict the expected sequence of events. However, most of the proposed systems are based on rule-based mechanisms which are tedious and error prone. Other methods are based on statistical modeling; these are unable to identify causal relationships between the events. In this paper, an improved…

Cited by 6 publications (8 citation statements)
References 11 publications
“…So, how pattern recognition systems learn is based on four learning pivots: pattern adaption, hybrid adaption, neural networks and statistical identification which are not necessarily independent. In some cases, a composition of these methods is used [14].…”
Section: Evidential Fusion For Improvement Of Cyber Threat Pattern Re (mentioning)
confidence: 99%
“…Both of them have their own advantages and disadvantages in detecting intrusion alerts. As highlighted, the correctness and accuracy of the alerts are questionable particularly if the majority of the alerts are false positives [2]. This is a main problem for security analyst when the IDSs are generating a large number of alerts daily with mixed false positives and repeated warning for the same attack or alert notifications from erroneous activity.…”
Section: Expert System and Data Mining (mentioning)
confidence: 99%
“…The hackers gain unauthorized access to user's system by taking advantage of network and system vulnerabilities and carry out malicious activities in order to gain profits and bolster their reputation. The current trend in cyber-attacks are hidden, coordinated and slow-and-low [2]. Hence, Intrusion Detection Systems (IDSs) are considered a vital security defense to analyze audit events such as log records, network packets and the like in order to detect and respond to the malicious network traffic and computer misuse.…”
Section: Introduction (mentioning)
confidence: 99%
“…In general, an attacker conducts the bots to launch a variety of types of attacks such as phishing and spamming with a botnet, and then receives benefits from a variety of aspects such as economy and social security. Most of methods to detect bot's activities according to predefined patterns and signatures retrieved from well-known bots 3,4,5,6,7,8. Although signature-based approaches are able to detect bots accurately, it is difficult to detect botnet in real time.…”
Section: Introduction (mentioning)
confidence: 99%