False alarm minimization techniques in signature-based intrusion detection systems: A survey

N Hubballi, V Suryanarayanan - Computer Communications, 2014 - Elsevier
A network based Intrusion Detection System (IDS) gathers and analyzes network packets
and reports possible low level security violations to a system administrator. In a large network …

Systematic literature review of security event correlation methods

I Kotenko, D Gaifulina, I Zelichenok - IEEE Access, 2022 - ieeexplore.ieee.org
Security event correlation approaches are necessary to detect and predict incremental
threats such as multi-step or targeted attacks (advanced persistent threats) and other causal …

A systematic survey on multi-step attack detection

J Navarro, A Deruyver, P Parrend - Computers & Security, 2018 - Elsevier
Since the beginning of the Internet, cyberattacks have threatened users and organisations.
They have become more complex concurrently with computer networks. Nowadays …

Feature selection using information gain for improved structural-based alert correlation

TA Alhaj, MM Siraj, A Zainal, HT Elshoush, F Elhaj - PloS one, 2016 - journals.plos.org
Grouping and clustering alerts for intrusion detection based on the similarity of features is
referred to as structurally based alert correlation and can discover a list of attack steps …

Dealing with security alert flooding: using machine learning for domain-independent alert aggregation

M Landauer, F Skopik, M Wurzenberger… - ACM Transactions on …, 2022 - dl.acm.org
Intrusion Detection Systems (IDS) secure all kinds of IT infrastructures through automatic
detection of malicious activities. Unfortunately, they are known to produce large numbers of …

RTECA: Real time episode correlation algorithm for multi-step attack scenarios detection

AA Ramaki, M Amini, RE Atani - Computers & Security, 2015 - Elsevier
Today, from an information security perspective, prevention methods alone are not enough.
Early Warning Systems (EWSs) are in the category of reactive methods. These systems are …

Alert correlation algorithms: A survey and taxonomy

SA Mirheidari, S Arshad, R Jalili - … , November 13-15, 2013, Proceedings 5, 2013 - Springer
Alert correlation is a system which receives alerts from heterogeneous Intrusion Detection
Systems and reduces false alerts, detects high level patterns of attacks, increases the …

Systematic review and quantitative comparison of cyberattack scenario detection and projection

I Kovačević, S Groš, K Slovenec - Electronics, 2020 - mdpi.com
Intrusion Detection Systems (IDSs) automatically analyze event logs and network traffic in
order to detect malicious activity and policy violations. Because IDSs have a large number of …

Intrusion alert prioritisation and attack detection using post-correlation analysis

R Shittu, A Healing, R Ghanea-Hercock… - Computers & …, 2015 - Elsevier
Event Correlation used to be a widely used technique for interpreting alert logs and
discovering network attacks. However, due to the scale and complexity of today's networks …

A comprehensive approach for network attack forecasting

M GhasemiGol, A Ghaemi-Bafghi, H Takabi - Computers & Security, 2016 - Elsevier
Forecasting future attacks is a big challenge for network administrators because the future is
generally unknown. Nevertheless, some information about the future can help us make …