In this paper, we introduce an IDS alert correlator, which we call Extrusion Detection Guard (EDGe), to detect infected hosts within a monitored network from.
IDS Alert Correlation in the Wild With EDGe | IEEE Journals & Magazine
17 Sep 2014 · A large part of this paper focuses on characterizing 4,358 infections (13.4 new infections per day) detected with EDGe from a unique dataset of ...
Research [9] built an alert correlation model named EDGE, which was able to detect a group of malware and its variants, with the detected behavior showing multi-step ...
Abstract—Intrusion detection systems (IDSs) produce a large number of alerts, which overwhelm their operators, e.g., a deployment of the popular Snort IDS ...
Pages / Article No. 1933 - 1946. Publisher. IEEE. Subject. Intrusion detection; Alert correlation; Malware; Snort; Malware measurements. Organisational ...
IDS Alert Correlation in the Wild With EDGe. Authors: Raftopoulos, Elias; Dimitropoulos, ...
IEEE journal on selected areas in communications : a publication of the IEEE Communications Society. , 2014, Vol.32(10), p.1933-1946 ,. IDS Alert ...
Related questions
What is alert correlation?
Which IDS detects and pinpoints the location of intrusion attempts on perimeter fences of critical infrastructures?
We use a 9-month-long dataset of IDS alerts, and we first build a novel heuristic to detect infected hosts from the 3 million alerts we observe on average per ...
A novel hierarchical event correlation model that promises to reduce the number of alerts issued by an intrusion detection system.
A new model of alert correlation using a similarity approach is proposed to define the correlation between alerts by analyzing the features in alert flows ...