|
[1] Peng Ning, Yun Cui, Douglas S. Reeves, ”Analyzing Intensive Intrusion Alerts Via Correlation”. In Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID 2002), Zurich, Switzerland, October 2002. [2] Peng Ning, Yun Cui, Douglas S. Reeves, ”Constructing Attack Scenarios through Correlation of Intrusion Alerts”. In Proceedings of the 9th ACM Conference on Computer & Communications Security, Washington D.C., November 2002. [3] P. Ning, D. Reeves, and Yun Cui, “Correlating alerts using prerequisites of intrusions”. Technical Report TR-2001-13, North Carolina State University, Department of Computer Science, Dec. 2001. [4] H. Debar and A. Wespi, “Aggregation and correlation of intrusion-detection alerts”. In Recent Advances in Intrusion Detection, LNCS 2212, pages 85-103, 2001. [5] F. Cuppens and A. Miege, “Alert correlation in a cooperative intrusion detection framework”. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, May 2002. [6] F. Cuppens, “Managing alerts in a multi-intrusion detection environment”. 17th Annual Computer Security Applications Conference(ACSAC). New-Orleans, December 2001. [7] A. Valdes and K. Skinner, “Probabilistic alert correlation”. In Proceedings of the 4th Int'l Symposium on Recent Advances in Intrusion Detection (RAID 2001), pages 54-68, 2001. [8] S. Templeton and K. Levit, “A requires/provides model for computer attacks”. In Proceedings of New Security Paradigms Workshop, pages 31-38. September 2000. [9] F. Cuppens and R. Ortalo. “LAMBDA: A language to model a database for detection of attacks”. In Proceedings of Recent Advances in Intrusion Detection (RAID 2000), pages 197—216, September 2000. [10] Ning, P. and Xu, D. “Adapting query optimization techniques for efficient intrusion alert correlation”. Technical Report TR-2002-14, North Carolina State University, Department of Computer Science, September 2002. [11] Vigna, G. and Kemmerer, R.A. “NetSTAT: A network-based intrusion detection system”. In Journal of Computer Security 7, pages 37—71, 1999 [12] Sheyner, O., Haines, J., Jha, S., Lippmann, R. and Wing, J. “Automated generation and analysis of attack graphs”. In Proceedings of IEEE Symposium on Security and Privacy, May 2002. [13] John McHugh, Alan Christie, and Julia Allen. “Intrusion detection implementation and operational issues”. CERT, January 2001. [14] D. Curry and H. Debar “Intrusion detection message exchange format data model and extensible markup language (xml) document type definition”. draft-ietf-idwg-idmef-xml-10.txt, January 2003. [15] MIT Lincoln Lab. 2000 DARPA intrusion detection scenario specific datasets. http://www.ll.mit.edu/IST/ideval/data/2000/2000 data index.html, 2000. [16] F. Cuppens, F. Autrel, and A. Miege, “Correlation in an intrusion detection process”. In Internet Security Communication Workshop (SECI'02), Tunis, Septembre 2002. [17] C. Geib and R. Goldman. “Plan Recognition in Intrusion Detection Systems”. In DARPA Information Survivability Conference and Exposition (DISCEX), June 2001. [18] Ulf Lindquist and Philip Porras. “Detecting Computer and Network Misuse Through the Production-Based Expert System Toolset (P-Best)”. In IEEE Symposium on Security and Privacy, Oakland, USA, 1999. [19] Staniford, S., Hoagland, J. and McAlerney, J. “Practical automated detection of stealthy portscans”. In Journal of Computer Security, 2002. [20] AT & T Research Labs. GraphViz — open source graph layout and drawing software. [21] CERT, http://www.cert.org [22] Snort, http://www.snort.org [23] Security Focus, http://online.securityfocus.com [24] X-Force, http://www.iss.net [25] CVE, http://cve.mitre.org [26] White Hats, http://www.whitehats.com
|