| Publisher | University at Buffalo |
|---|---|
| Format | 142.9KB PDF |
| Date added | 01 Dec 2007 |
| Topics | Security Tools, Intrusion Detection Systems |
| Downloads | 14 |

Correlation and fusion of intrusion alerts to provide effective Situation Awareness of cyber-attacks has become an active area of research. Snort is the most widely deployed intrusion detection sensor. For many networks and their system administrators, the alerts generated by Snort are the primary indicators of network misuse and attacker activity. However, the volume of alerts generated in typical networks makes real-time attack scenario comprehension difficult. This paper presents an attack-stage oriented classification of alerts, using Snort as an example, and demonstrates that this effectively improves real-time Situation Awareness of multistage attacks. It also incorporates this scheme into a real-time attack detection framework and prototype presented by the authors in previous work and provides some results from testing against multistage attack scenarios.



