ZDNet UK


Real-Time Multistage Attack Awareness Through Enhanced Intrusion Alert Clustering



Publisher: University at Buffalo
Publisher Registration: N/A
Topics: Security Tools, Intrusion Detection Systems
Date added: 01 Dec 2007
Downloads: 10
Format: 142.9KB PDF

Correlation and fusion of intrusion alerts to provide effective Situation Awareness of cyber-attacks has become an active area of research. Snort is the most widely deployed intrusion detection sensor. For many networks and their system administrators, the alerts generated by Snort are the primary indicators of network misuse and attacker activity. However, the volume of alerts generated in typical networks makes real-time attack scenario comprehension difficult. This paper presents an attack-stage oriented classification of alerts using Snort as an example, and demonstrates that this effectively improves real-time Situation Awareness of multistage attacks. It also incorporates this scheme into a real-time attack detection framework and prototype presented by the authors in previous work and provides some results from testing against multistage attack scenarios.

Related white papers

Balancing Security Against Productivity

What makes for great security? Is it about keeping the bad guys out or letting the good guys in? About defending attacks or preventing them? When IDG Research Services queried...


Novell Zenworks Endpoint Security Management: Total Control from a Single Console

Still super gluing your USB ports shut? Unauthorized access to networks, lost or stolen laptops and other mobile hardware, and theft of proprietary information or intellectual property accounted for more...


Secure Desktop On-Demand Webcast

The desktop or endpoint is one of the most vulnerable parts of your environment. Threats are everywhere. You have users who love to experiment with device settings (only to wonder...


Stop Spam and Email-Borne Threats With Symantec's New Hosted Mail Security Solution

Organizations of all sizes are coping with threats to business productivity and security from spam, viruses and worms, and other email-borne content. To combat these attacks, Symantec provides industry-leading email...


Securing SMBs Against Spam and Virus Threats

This white paper from St. Bernard Software explains why spam and viruses are particularly tough to eliminate in small- and medium-sized businesses (SMBs) that can't dedicate IT staff to combating...


Streamline User Administration with Novell Nsure Identity Manager 2

This information-packed white paper provides an in-depth look at the capabilities that are built into Novell Nsure Identity Manager 2, which provides an identity management foundation for account provisioning, security,...


Reduce the Risk of Costly Data Breaches: Three Pillars of Data Protection

There are numerous regulations that govern the protection of private, personal and confidential data regardless of whether the data resides on a secure mainframe computer, desktop PC or mobile device...


White Paper

Featured White Paper

11 things to consider for File Virtualization

As organizations struggle to cope with the exponential growth of data, especially in the unstructured and decentralized file space, the urgency to gain better control, visibility and transparency of file data also grows.


Other White Papers

Inter-site Ethernet: A guide to choosing your Ethernet service provider

The market for Ethernet is continuing to grow, as UK organisations appreciate the cost savings,...

Laying the foundations for evolving eGovernment: Why next generation Ethernet technology holds the key

The UK Government has committed to transform the public sector by making truly e-enabled...
