2014
DOI: 10.1007/978-3-319-05302-8_10
|View full text |Cite
|
Sign up to set email alerts
|

ONTIDS: A Highly Flexible Context-Aware and Ontology-Based Alert Correlation Framework

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

1
14
0
1

Year Published

2015
2015
2023
2023

Publication Types

Select...
4
2
1

Relationship

1
6

Authors

Journals

citations
Cited by 34 publications
(16 citation statements)
references
References 5 publications
1
14
0
1
Order By: Relevance
“…Figure shows the island‐hopping attack graph. The generated attack graph is also comparable with the attack graphs of the first scenario that was reported in the previous research works such as .…”
Section: Discussionsupporting
confidence: 75%
See 2 more Smart Citations
“…Figure shows the island‐hopping attack graph. The generated attack graph is also comparable with the attack graphs of the first scenario that was reported in the previous research works such as .…”
Section: Discussionsupporting
confidence: 75%
“…For the other scenarios, we could not have all event types of them because of the problems in logging process, and (4) since being able to evaluate our proposed framework in detecting the complete attack scenario, we should compare our work with the previous works. Some existing works like reported only the results of this attack scenario .…”
Section: Discussionmentioning
confidence: 99%
See 1 more Smart Citation
“…Cuppens and Ortalo (2000); Cheung et al (2003); Steven Eckmann (2002); Cédric Michel (2001) proposed LAMBDA, CAML, STATL, and ADELE respectively. More recent work in case-based models include work by Zali et al (2013) and Alireza Sadighian (2013). Although these provide high-quality correlations capturing known attacks, their limitation is that they are difficult to implement and maintain on large-scale complex networks.…”
Section: Related Workmentioning
confidence: 99%
“…Timely investigation of system intrusions remains a notoriously difficult challenge [66,94,96]. While security monitoring tools provide an initial notification of foul play [13,41,86,91,95,97], these indicators are rarely sufficient in and of themselves. Instead, crafting an appropriate response to a security incident often requires scouring terabytes of audit logs to determine an adversary's method of entry, how their reach spread through the system, and their ultimate mission objective.…”
Section: Introductionmentioning
confidence: 99%