Presentation is loading. Please wait.

Presentation is loading. Please wait.

Fusing A Heterogeneous Alert Stream Into Scenarios

Published byAgus Doddy Atmadja Modified over 6 years ago

Similar presentations

Presentation on theme: "Fusing A Heterogeneous Alert Stream Into Scenarios"— Presentation transcript:

1 Fusing A Heterogeneous Alert Stream Into Scenarios
O. Dain and R.K. Cummingham From: Applications of data Mining in Computer Security (Eds. D. Barabara and S. Jajodia)

2 Objective To combine alerts (generated by multiple IDSs in an organization) into scenarios Each scenario is a sequence of actions performed by a single actor or an organization To group alerts that share a common cause False alarm probabilities are assigned to scenarios rather than individual alerts For each new alarm generated, compare it to existing scenarios and compute probability that it belongs to that

3 Data Mining Techniques
Used to assign probabilities for an alert to belong to a scenario---to provide better predictive power Since attackers often use the same tools or attack types, many features were included to indicate if any previous alerts in the scenario are the exact same type as the current alert and if the most recent alert in the scenario is the same as the new alert Attackers focus on a single host---so destination address is one of the features

Download ppt "Fusing A Heterogeneous Alert Stream Into Scenarios"

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.
Security Administration Tools and Practices Amit Bhan Usable Privacy and Security.

Security Administration Tools and Practices Amit Bhan Usable Privacy and Security.
Test practice Multiplication. Multiplication 9x2.

Test practice Multiplication. Multiplication 9x2.
Finding bugs: Analysis Techniques & Tools Comparison of Program Analysis Techniques CS161 Computer Security Cho, Chia Yuan.

Finding bugs: Analysis Techniques & Tools Comparison of Program Analysis Techniques CS161 Computer Security Cho, Chia Yuan.
Date : 21 st of May, 2014. Shri Ramdeo Baba College of Engineering and Management Presentation By : Rimjhim Singh Under the Guidance of: Dr. M.B. Chandak.

Date : 21 st of May, Shri Ramdeo Baba College of Engineering and Management Presentation By : Rimjhim Singh Under the Guidance of: Dr. M.B. Chandak.
Cyber Threat Analysis  Intrusions are actions that attempt to bypass security mechanisms of computer systems  Intrusions are caused by:  Attackers accessing.

Cyber Threat Analysis  Intrusions are actions that attempt to bypass security mechanisms of computer systems  Intrusions are caused by:  Attackers accessing.
CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.

CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.
1 Anomaly Detection Using GAs Umer Khan 28-sept-2005.

1 Anomaly Detection Using GAs Umer Khan 28-sept-2005.
Stream Control Transmission Protocol 網路前瞻技術實驗室 陳旻槿.

Stream Control Transmission Protocol 網路前瞻技術實驗室 陳旻槿.
Copyright 2002, Center for Secure Information Systems 1 Panel: Role of Data Mining in Cyber Threat Analysis Professor Sushil Jajodia Center for Secure.

Copyright 2002, Center for Secure Information Systems 1 Panel: Role of Data Mining in Cyber Threat Analysis Professor Sushil Jajodia Center for Secure.
School of Computer Science and Information Systems

School of Computer Science and Information Systems
Machine Learning as Applied to Intrusion Detection By Christine Fossaceca.

Machine Learning as Applied to Intrusion Detection By Christine Fossaceca.
Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,

Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,
Chapter 5 Data mining : A Closer Look.

Chapter 5 Data mining : A Closer Look.
Multiples 1 X 2 = 22 X 2 = 43 X 2 = 6 4 X 2 = 8 What do you call 2,4,6,8 ?Multiples of 2 Why?

Multiples 1 X 2 = 22 X 2 = 43 X 2 = 6 4 X 2 = 8 What do you call 2,4,6,8 ?Multiples of 2 Why?
1. Introduction Generally Intrusion Detection Systems (IDSs), as special-purpose devices to detect network anomalies and attacks, are using two approaches.

1. Introduction Generally Intrusion Detection Systems (IDSs), as special-purpose devices to detect network anomalies and attacks, are using two approaches.
Data Mining for Intrusion Detection: A Critical Review Klaus Julisch From: Applications of data Mining in Computer Security (Eds. D. Barabara and S. Jajodia)

Data Mining for Intrusion Detection: A Critical Review Klaus Julisch From: Applications of data Mining in Computer Security (Eds. D. Barabara and S. Jajodia)
PhishNet: Predictive Blacklisting to Detect Phishing Attacks Pawan Prakash Manish Kumar Ramana Rao Kompella Minaxi Gupta Purdue University, Indiana University.

PhishNet: Predictive Blacklisting to Detect Phishing Attacks Pawan Prakash Manish Kumar Ramana Rao Kompella Minaxi Gupta Purdue University, Indiana University.
Intrusion Detection Jie Lin. Outline Introduction A Frame for Intrusion Detection System Intrusion Detection Techniques Ideas for Improving Intrusion.

Intrusion Detection Jie Lin. Outline Introduction A Frame for Intrusion Detection System Intrusion Detection Techniques Ideas for Improving Intrusion.
Intrusion Detection for Grid and Cloud Computing Author Kleber Vieira, Alexandre Schulter, Carlos Becker Westphall, and Carla Merkle Westphall Federal.

Intrusion Detection for Grid and Cloud Computing Author Kleber Vieira, Alexandre Schulter, Carlos Becker Westphall, and Carla Merkle Westphall Federal.

Similar presentations

Ads by Google