|
[1] S. H. Ahmadinejad, and S. Jalili, “Alert correlation using correlation probability estimation and time windows,” International conference on computer technology and development , vol. 2, pp. 170–175, 2009.
[2] S. H. Ahmadinejad, S. Jalili, and M. Abadi, “A hybrid model for correlating alerts of known and unknown attack scenarios and updating attack graphs,” Computer Networks, vol. 55, pp. 2221-2240, 2011.
[3] F. Cuppens, and A. Miege, “Alert correlation in a cooperative intrusion detection framework,” Proceedings of the 2002 IEEE Symposium on Security and Privacy, pp. 202–215, 2002.
[4] F. Cuppens and R. Ortalo, “Lambda: A language to model a database for detection of attacks,” Proc. Recent Advances in Intrusion Detection, 3rd International Symposium, (RAID 2000), LNCS 1907, Springer-Verlag, Toulouse, France, Oct. 2000, pp. 197-216.
[5] S. T. Eckmann, G. Vigna, and R. A. Kemmerer, “STATL: an attack language for state-based intrusion detection,” Journal of Computer Security, vol. 10, no. 1-2, 2002, pp. 71-103.
[6] F. Kavousi and B. Akbari, “Automatic Learning of Attack Behavior Patterns Using Bayesian Networks,” Sixth International Symposium on Telecommunications (IST), pp. 999-1004, Nov. 2012.
[7] S. Lagzian, F. Amiri, A. Enayati and H. Gharaee, “Frequent Item set mining-based Alert Correlation for Extracting multi-stage Attack Scenarios,” Sixth International Symposium on Telecommunications (IST), pp. 1010-1014, Nov. 2012.
[8] S. Lee, B. Chung, H. Kim, Y. Lee, C. Park, and H. Yoon, “Real-time analysis of intrusion detection alerts via correlation,” Computers &; Security, vol. 25, no. 3, pp. 169-183, 2006.
[9] M. Marchetti, M. Colajanni and F. Manganiello, “Identification of correlated network intrusion alerts,” Third International Workshop on Cyberspace Safety and Security (CSS), pp. 15-20, Sep. 2011.
[10] P. Ning, Y. Cui, and D. S. Reeves, “Constructing Attack Scenarios through Correlation of Intrusion Alerts,” in Proceedings of the 9th ACM conference on Computer and communication security, pp. 245-254, New York, USA: ACM Press, Nov. 2002.
[11] P. Ning, Y. Cui, D. S. Reeves, and D. Xu, “Techniques and Tools for Analyzing Intrusion Alerts,” ACM Transactions on Information and System Security (TISSEC), vol. 7, no. 2, pp. 274-318, May 2004.
[12] X. Ou, S. Govindavajhala, and A. W. Appel “MulVAL: A Logic-based Network Security Analyzer,” 14th USENIX Security Symposium, pp. 113–128, 2005.
[13] X. Qin, and W. Lee, “Statistical causality analysis of INFOSEC alert data,” Recent Advances in Intrusion Detection (RAID), LNCS, vol. 2820, pp. 73-93, 2003.
[14] H. Ren, N. Stakhanova, and A.A. Ghorbani, “An online adaptive approach to alert correlation,” Proceedings of the 17th international conference on Detection of intrusions and malware, and vulnerability assessment, LNCS, vol. 6201, pp. 153–172, 2010.
[15] S. J. Templeton and K. Levitt, “A requires/provides model for computer attacks,” Proceedings of the 3rd ACM workshop on new security paradigms, pp. 31-38, 2000.
[16] A. Xie, G. Chen, Y. Wang, Z. Chen and J. Hu, "A New Method to Generate Attack Graphs," Third IEEE International Conference on Secure Software Integration and Reliability Improvement (SSIRI), pp. 401-406, July 2009.
[17] B. Zhu, and A. A. Ghorbani, “Alert Correlation for Extracting Attack Strategies,” International journal of network security, vol. 3, no. 3, pp. 244–258, Nov. 2006.
[18] S. Zhang, J. Li, X. Chen, and L. Fan, “Building network attack graph for alert causal correlation,” Computers &; Security, vol. 27, issuse 5-6, pp. 188-196, Oct. 2008.
[19] L. Zhiming, L. Sheng, H. Jin, X. Di and D. Zhantao, “Complex Network Security Analysis based on Attack Graph Model,” Second International Conference on Instrumentation, Me asurement, Computer, Communication and Control (IMCCC), pp.183-186, Dec. 2012.
[20] MIT Lincoln Laboratory, 2000 Darpa Intrusion Detection Scenario Specific Data Sets, 2000. Available: http://www.ll.mit.edu/mission/communications/cyber/CSTcorpora/ideval/data/
|