ALERT CLASSIFICATION TO REDUCE FALSE POSITIVES IN INTRUSION DETECTION
|
|
- Mae Leonard
- 8 years ago
- Views:
Transcription
1 ALERT CLASSIFICATION TO REDUCE FALSE POSITIVES IN INTRUSION DETECTION July 2006 Dissertation zur Erlangung des Doktorgrades der Fakultät für Angewandte Wissenschaften der Albert-Ludwigs-Universität Freiburg im Breisgau Tadeusz Pietraszek Institut für Informatik, Albert-Ludwigs-Universität Freiburg Georges-Köhler-Allee 52, Freiburg i. Br., Germany
2 Dekan: Erstreferent: Zweitreferent: Prof. Dr. Jan G. Korvink Prof. Dr. Luc De Raedt Prof. Dr. Johannes Fürnkranz Tag der Disputation:
3 A new star has been discovered, which doesn t mean that things have gotten brighter or that something we ve been missing has appeared.... Wis lawa Szymborska, Surplus [Szy00]
4
5 Erklärung Ich erkläre hiermit, dass ich die vorliegende Arbeit ohne unzulässige Hilfe Dritter und ohne Benutzung anderer als der angegebenen Hilfsmittel angefertigt habe. Die aus anderen Quellen direkt oder indirekt übernommenen Daten und Konzepte sind unter Angabe der Quelle gekennzeichnet. Insbesondere habe ich hierfür nicht die entgeltliche Hilfe von Vermittlungsoder Beratungsdiensten (Promotionsberaterinnen oder Promotionsberater oder anderer Personen) in Anspruch genommen. Niemand hat von mir unmittelbar oder mittelbar geldwerte Leistungen für Arbeiten erhalten, die im Zusammenhang mit dem Inhalt der vorgelegten Dissertation stehen. Die Arbeit wurde bisher weder im In- noch im Ausland in gleicher oder ähnlicher Form einer anderen Prüfungsbehörde vorgelegt. Desweitern habe ich mich nicht bereits und bewerbe ich mich auch nicht gleichzeitig an einer in- oder ausländischen wissenschaftlichen Hochschule um die Promotion. I hereby certify that the work embodied in this thesis is the result of original research and has not been submitted for a higher degree to any other university or institution. Zürich, Switzerland July 4, 2006 Tadeusz Pietraszek 5
6 6
7 Contents Acknowledgments Abstract Zusammenfassung List of Figures List of Tables v vii ix xi xiii 1 Introduction Motivation False Positives Existing Solutions Introducing the Analyst: The Global Picture of Alert Management Why Learning Alert Classifiers Works and Why It is a Difficult Learning Problem Classifying Alerts: False Positives, True Positives or Other Classes? Thesis Statement and Contributions Overview Intrusion Detection and Machine-Learning Background Intrusion Detection Intrusion Detection Systems Two examples of IDSs Conclusions Machine Learning Classification Basic Techniques Evaluating Classifiers ROC Analysis Unsupervised Techniques Summary State of the Art Multiple Facets of Related Work Building IDSs Using Machine Learning Spam Filtering i
8 ii CONTENTS 3.4 Interface Agents Alert Correlation Frequent Episodes & Association Rules Sensor Profiling CLARAty Data Mining and Root Cause Analysis Summary Datasets Used Datasets Available Datasets Used & Alert Labeling Alert Representation DARPA 1999 Data Set Data Set B MSSP Datasets Summary Adaptive Alert Classification ALAC Adaptive Learner for Alert Classification Recommender Mode Agent Mode Background Knowledge Choosing Machine-Learning Techniques Learning an Interpretable Classifier from Examples Background Knowledge and Efficiency Confidence of Classification Applying RIPPER to ALAC Cost-Sensitive and Binary vs. Multi-Class Classification Batch-Incremental Learning ALAC Evaluation Evaluation Methodology Background Knowledge Results Obtained with DARPA 1999 Data Set Results Obtained with Data Set B Understanding the Rules Conclusions Summary Abstaining Classifiers using ROC Analysis Introduction Background ROC-Optimal Abstaining Classifier Cost-Based Model Bounded Models Bounded-Abstention Model Bounded-Improvement Model Experiments Constructing an Abstaining Classifier
9 CONTENTS iii Testing Methodology Results Cost-Based Model Results Bounded Models Alternative Representations to ROC Curves Precision-Recall and ROC Curves DET Curves Cost Curves Related Work Conclusions and Future Work ALAC+ An Alert Classifier with Abstaining Classifiers ALAC Meets with Abstaining Classifiers The Problem with Rule Learners ALAC+ Evaluation Choosing Evaluation Models for ALAC Setting System Parameters Cost Results Conclusions Summary Combining Unsupervised and Supervised Learning Why Unsupervised Learning Makes Sense Retrospective Alert Analysis Subsequent Alert Classification CLARAty Algorithm Description Generalization Hierarchies CLARAty Algorithm Cluster Descriptions and Filtering Automated Cluster-Processing System CLARAty Evaluation Evaluation Methodology Setting System Parameters Cluster Persistency Number of Clusters and Total Coverage Automated Cluster Processing Cluster Precision and Recall Clustering Precision and Recall Charts Conclusions Combining Clustering with ALAC in a Two-Stage Alert-Classification System CLARAty and ALAC Evaluation ROC analysis DARPA 1999 Data Set Data Set B MSSP Datasets Conclusions Summary
10 iv CONTENTS 9 Summary, Conclusions and Future Work Summary Conclusions Future Work A Alert Correlation 151 A.1 Correlation Terminology A.2 Alert Correlation Systems A.2.1 Tivoli Aggregation and Correlation Component A.2.2 Probabilistic Alert Correlation A.2.3 Alert-Stream Fusion A.2.4 Hyper-alert Correlation A.2.5 Cooperative Intrusion Detection Framework A.2.6 Correlated Hacking Behavior A.2.7 M2D2 Formal Data Model A.2.8 Statistical Correlation Models A.2.9 Comprehensive IDS Alert Correlation B Abstaining Classifier Evaluation Results 161 C Clustering MSSP Datasets Results 173 Bibliography 184 Table of Symbols 199 Index 201
11 Acknowledgments efending a PhD is a one-man show, however, the process of pursuing one is definitely D not a one-person effort and I have a lot of people to thank for helping me in this stage of my life. First of all, I would like to thank my professor, Luc De Raedt, who saw value in my research and agreed to supervise it, providing support and giving directions for research. Being a remote PhD student working at IBM Zurich Research Lab is a special situation and I am really grateful that such an arrangement was possible. For all this and more, thank you, Luc. I would also like to thank Andreas Wespi, my former manager and mentor at IBM, for hiring me and supporting me during my PhD quest, always finding time for meetings and very thoroughly scrutinizing my work. I had greatly benefited from his experience in the field of intrusion detection and computer security. I would also like to thank Lucas Heusler, my current manager for giving me a lot of flexibility in doing my research, making the finishing of my PhD possible. During my PhD work I was greatly supported by my mentor, Klaus Julisch, who spent a considerable amount of time explaining the arcane of scientific work, forcing me to write and tirelessly correcting my scribbles. He also never hesitated to ask those difficult questions, which helped me to become a more mature researcher. I would like to thank the IBM Global Services Managed Security Services team, in particular Mike Fiori and Chris Calvert for allowing me to use their data and Jim Treinen and Ken Farmer for providing support on the technical side. I would also like to thank my friends at IBM, James Riordan & Daniela Bourges-Waldegg for being great friends, expanding my horizons (both scientific and non-scientific) through always interesting discussions and giving me (and other PhD students) a motto The goal of PhD is to finish it. I have had a great time with Diego Zamboni who, in spite of (or maybe rather because of) thinking of me as a very apt procrastinator and giving me motivation to work on my numerous pet projects, always found time to say Tadek, work on your thesis. During my stay in the lab, I have also met many interesting friends and colleagues: Chris Giblin, Marcel Graf, Christian Hörtnagl, Ulf Nielsen, Mike Nidd, René Pawlitzek, Ulrich Schimpel, Morton Schwimmer, Abhi Shelat, Dieter Sommer, Axel Tanner, and others, who provided an excellent and stimulating working environment and always had time for interesting discussions. Among my colleagues, special thanks go to my office-mate, Chris Vanden Berghe for putting up with me in one office during these three years, always-interesting discussions and arguments, and many interesting ideas that got born this way. I am also grateful to the friendly people who volunteered to read through, and give me invaluable comments on this dissertation and its earlier versions: my professor Luc De Raedt, Birgit Baum-Waidner, Axel Tanner (also for the help with the German abstract) and Andreas v
12 vi Preface Wespi. Without your help this thesis would not have gotten to this stage. Clearly, I am solely responsible for any mistakes that had remained in the report. Last but not least, I am deeply indebted to my family for their everlasting support while abroad and having by far more faith in me than anybody else, including myself! My special thanks go to Annie for being the best girlfriend and a wonderful life companion and for putting up with me during the hectic time while working on my PhD. Zürich, Switzerland July 4, 2006 Tadeusz Pietraszek
13 Abstract Intrusion Detection Systems (IDSs) aim at detecting intrusions, that is actions that attempt to compromise the confidentiality, integrity and availability of computer resources. With the proliferation of the Internet and the increase in the number of networked computers, coupled with the surge of unauthorized activities, IDSs have become an integral part of today s security infrastructures. However, in real environments IDSs have been observed to trigger an abundance of alerts. Most of them are false positives, i.e., alerts not related to security incidents. This dissertation deals with the problem of false positives in intrusion detection. We propose the novel concept of training an alert classifier using a human analyst s feedback and show how to build an efficient alert classifier using machine-learning techniques. We analyze the desired properties of such a system from the domain perspective and introduce ALAC, an Adaptive Learner for Alert Classification, and its two modes of operation: a recommender mode, in which all alerts with their classification are forwarded to the analyst, and an agent mode, in which the system uses autonomous alert processing. We evaluate ALAC in both modes on real and synthetic intrusion detection datasets and obtain promising results: In our experiments ALAC reduced the number of false positives by up to 60% with acceptable misclassification rates. Abstaining classifiers are classifiers that in certain cases can refrain from classification, which is similar to a domain expert saying I don t know. Abstaining classifiers are advantageous over normal classifiers if they perform better than normal classifiers when they make a decision. In this dissertation we provide a clarification of the concept of optimal abstaining classifiers and introduce three different models, in which normal and abstaining classifiers can be compared: the cost-based model, the bounded-abstention model, and the bounded-improvement model. In the first cost-based model, the classifier uses an extended 2 3 cost matrix, whereas in the bounded models, the classifier uses a standard 2 2 cost matrix and boundary conditions: the abstention window or the desired cost improvement. Looking at a common type of abstaining classifiers, namely classifiers constructed from a single ROC curve, we provide efficient algorithms for selecting these classifiers optimally in each of these models. We perform an experimental validation of these methods on a variety of common benchmark datasets. Applying abstaining classifiers to ALAC, we introduce ALAC+, an extension of our alertclassification system. We select the most suitable abstaining classifier models and show that by using abstaining classifiers one can significantly reduce the misclassification cost. For example, in our experiments with a 10% abstention the system reduced the overall misclassification cost by up to 87%. This makes abstaining classifiers particularly suitable for alert classification. vii
14 viii Preface In the final part of this dissertation, we extend CLARAty, the state-of-the-art alert clustering system by introducing automated cluster processing, and show how the system can be used to investigate missed intrusions and correct initial analyst s classifications. Based on this, we build a two-stage alert-classification system in which alerts are processed by the automated cluster-processing system and then forwarded to ALAC. Our experiments with real and synthetic datasets showed that the automated cluster-processing system is robust and on average reduces the total number of alerts by 63% which further reduces the analyst s workload.
15 Zusammenfassung Eindringerkennungssysteme (Intrusion Detection Systems, abgekürzt IDSs) zielen auf die Erkennung von Angriffen, d.h. Aktionen, die versuchen die Konfidenzialität, Integrität und Verfügbarkeit von Computer-Resourcen zu kompromittieren. Durch das enorme Wachstum des Internets und der Zahl der vernetzten Computer bei gleichzeitiger starker Zunahme von nicht-autorisierten Aktivitäten sind IDSs zu einem integralen Bestandteil der typischen aktuellen Sicherheits-Infrastruktur geworden. In realen Umgebungen beobachtet man jedoch, daß IDSs sehr viele Alarme produzieren, dabei zu einem großen Teil auch Fehlalarme (false positives), d.h. Alarme, die keinen Sicherheits-Zwischenfällen entsprechen. Diese Dissertation beschäftigt sich mit dem Problem von Fehlalarmen in der Intrusion Detektion. Wir schlagen hierzu ein neuartiges Konzept vor, bei dem ein Alarm-Klassifizierer aus der Rückmeldung eines menschlichen Analysten lernen kann, und zeigen, wie ein solcher effizienter Alarm-Klassifizierer mit Hilfe der Techniken maschinellen Lernens erstellt werden kann. Wir analysieren die wünschenswerten Eigenschaften eines solchen Systems aus dem Blickwinkel der Domäne der Intrusion Detektion und stellen ALAC vor, den Adaptiven Lerner für Alarm- Klassifikation (Adaptive Learner for Alert Classification). ALAC hat zwei Betriebsarten: eine empfehlende Betriebsart (recommender mode), bei der alle Alarme mit ihrer Klassifikation an den Analysten weitergeleitet werden, und eine Betriebsart als Agent (agent mode), in welcher das System Alarme teilweise eigenständig verarbeitet. Wir evaluieren ALAC in beiden Modi mit realen und synthetischen Daten aus dem Gebiet der Intrusion Detektion und erhalten dabei viel versprechende Ergebnisse: ALAC reduziert in diesen Experimenten die Zahl der Fehlalarme um bis zu 60% bei annehmbaren Raten der Fehlklassifikation. Sich-enthaltende Klassifizierer (abstaining classifiers) nehmen in bestimmten Fällen keine Klassifizierung vor, ähnlich einem Ich weiß nicht eines Domain-Experten. Es besteht die Annahme, daß ein solcher Klassifizierer, der sich enthalten kann, insgesamt eine bessere Leistung bringen kann als normale Klassifizierer, die in jedem Fall eine Entscheidung treffen müssen. In dieser Dissertation klären wir das Konzept des optimalen sich-enthaltenden Klassifizierers und stellen drei verschiedene Modelle vor, in denen sie mit normalen Klassifizierern verglichen werden können: ein kosten-basiertes Modell, ein Modell mit begrenzter Enthaltung und ein Modell mit begrenzter Verbesserung. Im kosten-basierten Modell benutzt der Klassifizierer eine erweiterte 2 3 Kosten-Matrix, während in den anderen Modellen der Klassifizierer eine normale 2 2 Kosten-Matrix verwendet mit zusätzlichen Randbedingungen: der Menge der Alarme, bei denen sich der Klassifizierer enthält, beziehungsweise die gewünschte Verbesserung der Kosten. Für eine übliche Gruppe von sich-enthaltenden Klassifizierern, die ix
16 x Preface aus einer einzelnen ROC-Kurve hervorgehen, zeigen wir effiziente Algorithmen um diese Klassifizierer in optimaler Art auszuwählen in allen genannten Modellen. Diese Methoden werden experimentell bestätigt mit einer großen Zahl von Benchmark-Daten. Unter Anwendung von sich-enthaltenden Klassifizierern auf ALAC führen wir ALAC+ ein, eine Erweiterung unseres Alarm-Klassifikations-Systems. Wir wählen die am besten geeigneten sich-enthaltenden Klassifizierer und zeigen, daß dadurch die Fehlklassifikations-Kosten signifikant reduziert werden können. So reduzieren sich beispielsweise in unseren Experimenten bei 10% Enthaltung die allgemeinen Fehlklassifikations-Kosten um bis zu 87%. Dies macht sich-enthaltende Klassifizierer besonders geeignet für die Alarm-Klassifizierung. Im letzten Teil der Arbeit erweitern wir CLARAty, ein aktuelles Alarm-Clustering-System, durch die Einführung einer automatisierten Cluster-Verarbeitung und zeigen, wie das System dazu benutzt werden kann eventuell übersehene Angriffe zu untersuchen und initiale Klassifikationen eines Analysten zu korrigieren. Hierauf aufbauend entwickeln wir ein zweistufiges Alarm-Klassifikations-System, in welchen Alarme zuerst durch die automatisierte Cluster- Verarbeitung prozessiert und dann an ALAC weitergeleitet werden. Unsere Experimente mit realen und synthetischen Daten zeigen, daß das automatisierte Cluster-Verarbeitungs-System robust ist und die Gesamtzahl von Alarmen, und damit auch die Arbeitslast des Analysten, durchschnittlich um 63% reduziert.
17 List of Figures 1.1 Evolution of the scope for addressing false positives in intrusion detection. Shaded areas represent the scope discussed in the text The global picture of alert management Thesis outline The general architecture of an IDS (based on [Axe05]) Using CSSE to preserve the metadata of string representations and to allow late string evaluation. Shaded areas represent string fragments originating from the user A sample decision tree Examples of ROC and ROCCH curves and the cost-optimal classifier Multiple facets of related work Entity-relationship diagram of concepts used by CLARAty [Jul03b] Architecture of ALAC in agent and recommender modes Three types of background knowledge for classifying IDS alerts ROC curves for the base classifier used with different types of background knowledge. The fragments represent areas of practical interest (low falsepositive rates and high true-positive rates) False negatives and false positives for ALAC in agent and recommender modes (DARPA1999 dataset, w = 50) Number of alerts processed autonomously by ALAC in agent mode False negatives and false positives for ALAC in agent and recommender modes (Data Set B, w = 50) ROC performance for algorithms inducing rules for different classes: + and Abstaining classifier A α,β constructed using two classifiers C α and C β Optimal classifier paths in a bounded-abstention model Finding the optimal classifier in a bounded model: visualization of X Optimal classifier paths in a bounded-improvement model Building an abstaining classifier A α,β Cost-based model: Relative cost improvement and fraction of nonclassified instances for a representative dataset ( : CR = 0.5, : CR = 1, : CR = 2) Bounded-abstention model: Relative cost improvement and the absolute cost for one representative dataset ( : CR = 0.5, : CR = 1, : CR = 2) xi
18 xii LIST OF FIGURES 6.8 Bounded-improvement model: Fraction of nonclassified instances for a representative dataset ( : CR = 0.5, : CR = 1, : CR = 2) Conversion between sample ROC and P-R curves (N/P = 5) Conversion between sample P-R and ROC curves (N/P = 5). The ROCCH has been transferred back to the P-R curve Conversion between sample ROC and DET curves. Grid shows iso-cost lines at CR = 2 and Simplified architecture of ALAC with abstaining classifiers Classifiers for three different misclassification costs ICR = 1, ICR = 50 (used in the remaining experiments) and ICR = 200 (DARPA 1999, BA 0.1) Three main types of clusters: false-alert candidates, true-alert candidates, and mixed clusters for further analysis Semi-automated cluster processing Sample generalization hierarchies for address, port and time attributes Automated cluster processing creating features Automated cluster processing filtering The evaluation of alert clustering and filtering Cluster persistency for DARPA 1999 Data Set and Data Set B relative and absolute values. Arrows show cumulative cluster coverage in the clustering (begin of an arrow) and the filtering (end of an arrow) stages for individual clustering runs Estimating the fraction of alerts clustered and the fraction of alerts filtered as a function of the number of clusters learned. Curves correspond to individual clustering runs. Verticals line show the smallest argument for which the target function reaches 95% of its maximum value Clusters as filters for DARPA 1999 Data Set and Data Set B relative and absolute values. Missed positives in Figures 8.9b and 8.9d are calculated relative to the number of true alerts (P ) Total alert reduction for clusters as filters for all datasets relative and absolute values Clustering and filtering precision and recall for DARPA 1999 Data Set. Data shown cumulatively for all clustering runs, with FA-clusters suppressed Cluster 72194, describing a part of a portsweep attack ROC curves for two types of two-stage alert-classification systems: 2FC and 2FI, for DARPA 1999 Data Set and Data Set B Two-stage alert-classification system: False negatives and false positives for ALAC and two-stage ALAC (2FC, 2FI) in agent and recommender modes (DARPA1999 Data Set, ICR =50) Two-stage alert-classification system: Number of alerts processed autonomously by ALAC and two-stage ALAC (2FC, 2FI) in agent mode Two-stage alert-classification system: False negatives and false positives for ALAC and two-stage ALAC (2FC, 2FI) in agent and recommender modes (Data Set B, ICR =50) ROC curve for sample MSSP datasets
19 LIST OF FIGURES xiii B.1 Cost-Based Model: Experimental results with abstaining classifiers relative cost improvement B.2 Cost-based model: Experimental results with abstaining classifiers fraction of skipped instances B.3 Bounded model: Experimental results with abstaining classifiers relative cost improvement B.4 Bounded model: Experimental results with abstaining classifiers absolute cost values B.5 Expected improvement model: Experimental results with abstaining classifiers desired relative cost improvement vs. fraction of nonclassified instances B.6 Expected improvement model: Experimental results with abstaining classifiers desired absolute cost improvement vs. fraction of nonclassified instances B.7 ALAC+, DARPA 1999 Data Set, BA0.1: False-positive rates, false-negative rates, the abstention window and the fraction of discarded alerts in both agent and recommender modes B.8 ALAC+, Data Set B, BA0.1: False-positive rates, false-negative rates, the abstention window and the fraction of discarded alerts in both agent and recommender modes B.9 ALAC+, DARPA 1999 Data Set, BI0.5: False-positive rates, false-negative rates, the abstention window and the fraction of discarded alerts in both agent and recommender modes B.10 ALAC+, Data Set B, BI0.5: False-positive rates, false-negative rates, the abstention window and the fraction of discarded alerts in both agent and recommender modes C.1 Cluster persistency for 20 MSSP customers absolute values. X and Y axes labels are the same as in Figs. 8.7a and 8.7c C.2 Cluster persistency for 20 MSSP customers relative values. X and Y axes labels are the same as in Figs. 8.7b and 8.7d C.3 Estimating the fraction of instances clustered as a function of the number of clusters learned for 20 MSSP customers. X and Y axes labels are the same as in Figs. 8.8a and 8.8c C.4 Estimating the fraction of instances clustered as a function of the fraction of instances filtered for 20 MSSP customers. X and Y axes labels are the same as in Figs. 8.8b and 8.8d C.5 Cluster filtering for 20 MSSP customers absolute values. X and Y axes labels are the same as in Figs. 8.9a and 8.9c C.6 Cluster filtering for 20 MSSP customers relative values. X and Y axes labels are the same as in Figs. 8.9b and 8.9d C.7 Clustering precision for 20 MSSP customers clustering stage. X and Y axes are the same as in Fig. 8.11a C.8 Clustering precision for 20 MSSP customers filtering stage. X and Y axes are the same as in Fig. 8.11b C.9 Clustering recall for 20 MSSP customers clustering stage. X and Y axes are the same as in Fig. 8.11c C.10 Clustering recall for 20 MSSP customers filtering stage. X and Y axes are the same as in Fig. 8.11d
20 xiv LIST OF FIGURES
Detection. Perspective. Network Anomaly. Bhattacharyya. Jugal. A Machine Learning »C) Dhruba Kumar. Kumar KaKta. CRC Press J Taylor & Francis Croup
Network Anomaly Detection A Machine Learning Perspective Dhruba Kumar Bhattacharyya Jugal Kumar KaKta»C) CRC Press J Taylor & Francis Croup Boca Raton London New York CRC Press is an imprint of the Taylor
More informationA Review of Anomaly Detection Techniques in Network Intrusion Detection System
A Review of Anomaly Detection Techniques in Network Intrusion Detection System Dr.D.V.S.S.Subrahmanyam Professor, Dept. of CSE, Sreyas Institute of Engineering & Technology, Hyderabad, India ABSTRACT:In
More informationHow To Prevent Network Attacks
Ali A. Ghorbani Wei Lu Mahbod Tavallaee Network Intrusion Detection and Prevention Concepts and Techniques )Spri inger Contents 1 Network Attacks 1 1.1 Attack Taxonomies 2 1.2 Probes 4 1.2.1 IPSweep and
More informationCIS 433/533 - Computer and Network Security Intrusion Detection
CIS 433/533 - Computer and Network Security Intrusion Detection Professor Kevin Butler Winter 2011 Computer and Information Science Intrusion An Authorized Action (or subversion of auth)... That Can Lead
More informationIBM Security. Alle Risiken im Blick und bessere Compliance Kumulierte und intelligente Security Alerts mit QRadar Security Intelligence
IBM Security Alle Risiken im Blick und bessere Compliance Kumulierte und intelligente Security Alerts mit QRadar Security Intelligence Peter Kurfürst Vertrieb IBM Security Lösungen Enterprise-Kunden Baden-Württemberg
More informationCS 5410 - Computer and Network Security: Intrusion Detection
CS 5410 - Computer and Network Security: Intrusion Detection Professor Kevin Butler Fall 2015 Locked Down You re using all the techniques we will talk about over the course of the semester: Strong access
More informationDouble guard: Detecting Interruptions in N- Tier Web Applications
Vol. 3, Issue. 4, Jul - Aug. 2013 pp-2014-2018 ISSN: 2249-6645 Double guard: Detecting Interruptions in N- Tier Web Applications P. Krishna Reddy 1, T. Manjula 2, D. Srujan Chandra Reddy 3, T. Dayakar
More informationCSCI 4250/6250 Fall 2015 Computer and Networks Security
CSCI 4250/6250 Fall 2015 Computer and Networks Security Network Security Goodrich, Chapter 5-6 Tunnels } The contents of TCP packets are not normally encrypted, so if someone is eavesdropping on a TCP
More informationIDS / IPS. James E. Thiel S.W.A.T.
IDS / IPS An introduction to intrusion detection and intrusion prevention systems James E. Thiel January 14, 2005 S.W.A.T. Drexel University Overview Intrusion Detection Purpose Types Detection Methods
More informationAn Incrementally Trainable Statistical Approach to Information Extraction Based on Token Classification and Rich Context Models
Dissertation (Ph.D. Thesis) An Incrementally Trainable Statistical Approach to Information Extraction Based on Token Classification and Rich Context Models Christian Siefkes Disputationen: 16th February
More informationThe Base Rate Fallacy and its Implications for the Difficulty of Intrusion Detection
The Base Rate Fallacy and its Implications for the Difficulty of Intrusion Detection Stefan Axelsson Presented by Kiran Kashalkar Agenda 1. 1. General Overview of of IDS 2. 2. Bayes Theorem and Base-Rate
More informationINTRUSION DETECTION SYSTEMS and Network Security
INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS
More informationIntrusion Detection Systems
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Intrusion Detection Systems CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/
More informationSURVEY OF INTRUSION DETECTION SYSTEM
SURVEY OF INTRUSION DETECTION SYSTEM PRAJAPATI VAIBHAVI S. SHARMA DIPIKA V. ASST. PROF. ASST. PROF. MANISH INSTITUTE OF COMPUTER STUDIES MANISH INSTITUTE OF COMPUTER STUDIES VISNAGAR VISNAGAR GUJARAT GUJARAT
More informationCSC574 - Computer and Network Security Module: Intrusion Detection
CSC574 - Computer and Network Security Module: Intrusion Detection Prof. William Enck Spring 2013 1 Intrusion An authorized action... that exploits a vulnerability... that causes a compromise... and thus
More informationIntrusion Detection for Mobile Ad Hoc Networks
Intrusion Detection for Mobile Ad Hoc Networks Tom Chen SMU, Dept of Electrical Engineering tchen@engr.smu.edu http://www.engr.smu.edu/~tchen TC/Rockwell/5-20-04 SMU Engineering p. 1 Outline Security problems
More informationMACHINE LEARNING & INTRUSION DETECTION: HYPE OR REALITY?
MACHINE LEARNING & INTRUSION DETECTION: 1 SUMMARY The potential use of machine learning techniques for intrusion detection is widely discussed amongst security experts. At Kudelski Security, we looked
More informationAzure Machine Learning, SQL Data Mining and R
Azure Machine Learning, SQL Data Mining and R Day-by-day Agenda Prerequisites No formal prerequisites. Basic knowledge of SQL Server Data Tools, Excel and any analytical experience helps. Best of all:
More informationTaxonomy of Intrusion Detection System
Taxonomy of Intrusion Detection System Monika Sharma, Sumit Sharma Abstract During the past years, security of computer networks has become main stream in most of everyone's lives. Nowadays as the use
More informationPractical Data Science with Azure Machine Learning, SQL Data Mining, and R
Practical Data Science with Azure Machine Learning, SQL Data Mining, and R Overview This 4-day class is the first of the two data science courses taught by Rafal Lukawiecki. Some of the topics will be
More informationData Mining For Intrusion Detection Systems. Monique Wooten. Professor Robila
Data Mining For Intrusion Detection Systems Monique Wooten Professor Robila December 15, 2008 Wooten 2 ABSTRACT The paper discusses the use of data mining techniques applied to intrusion detection systems.
More informationLayered Approach of Intrusion Detection System with Efficient Alert Aggregation for Heterogeneous Networks
Layered Approach of Intrusion Detection System with Efficient Alert Aggregation for Heterogeneous Networks Lohith Raj S N, Shanthi M B, Jitendranath Mungara Abstract Protecting data from the intruders
More informationCisco IPS Tuning Overview
Cisco IPS Tuning Overview Overview Increasingly sophisticated attacks on business networks can impede business productivity, obstruct access to applications and resources, and significantly disrupt communications.
More informationHow To Detect Denial Of Service Attack On A Network With A Network Traffic Characterization Scheme
Efficient Detection for DOS Attacks by Multivariate Correlation Analysis and Trace Back Method for Prevention Thivya. T 1, Karthika.M 2 Student, Department of computer science and engineering, Dhanalakshmi
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls
More informationManaged Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint?
Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint? Why? Focused on Managed Intrusion Security Superior-Architected Hardened Technology Security
More informationUpdate to V10. Automic Support: Best Practices Josef Scharl. Please ask your questions here http://innovate.automic.com/q&a Event code 6262
Update to V10 Automic Support: Best Practices Josef Scharl Please ask your questions here http://innovate.automic.com/q&a Event code 6262 Agenda Update to Automation Engine Version 10 Innovations in Version
More informationPerformance Evaluation of Intrusion Detection Systems
Performance Evaluation of Intrusion Detection Systems Waleed Farag & Sanwar Ali Department of Computer Science at Indiana University of Pennsylvania ABIT 2006 Outline Introduction: Intrusion Detection
More informationCHAPTER 1 INTRODUCTION
21 CHAPTER 1 INTRODUCTION 1.1 PREAMBLE Wireless ad-hoc network is an autonomous system of wireless nodes connected by wireless links. Wireless ad-hoc network provides a communication over the shared wireless
More informationMeasuring Intrusion Detection Capability: An Information-Theoretic Approach
Measuring Intrusion Detection Capability: An Information-Theoretic Approach Guofei Gu, Prahlad Fogla, David Dagon, Boris Škorić Wenke Lee Philips Research Laboratories, Netherlands Georgia Institute of
More informationFirewalls, Tunnels, and Network Intrusion Detection. Firewalls
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
More informationINTRUSION DETECTION SYSTEM (IDS) by Kilausuria Abdullah (GCIH) Cyberspace Security Lab, MIMOS Berhad
INTRUSION DETECTION SYSTEM (IDS) by Kilausuria Abdullah (GCIH) Cyberspace Security Lab, MIMOS Berhad OUTLINE Security incident Attack scenario Intrusion detection system Issues and challenges Conclusion
More informationCS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013
CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationThe SIEM Evaluator s Guide
Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,
More informationINTRUSION PREVENTION AND EXPERT SYSTEMS
INTRUSION PREVENTION AND EXPERT SYSTEMS By Avi Chesla avic@v-secure.com Introduction Over the past few years, the market has developed new expectations from the security industry, especially from the intrusion
More informationKapitel 2 Unternehmensarchitektur III
Kapitel 2 Unternehmensarchitektur III Software Architecture, Quality, and Testing FS 2015 Prof. Dr. Jana Köhler jana.koehler@hslu.ch IT Strategie Entwicklung "Foundation for Execution" "Because experts
More informationINTRUSION DETECTION SYSTEM (IDS) D souza Adam Jerry Joseph 0925910 I MCA
INTRUSION DETECTION SYSTEM (IDS) D souza Adam Jerry Joseph 0925910 I MCA OVERVIEW Introduction Overview The IDS Puzzle Current State of IDS Threats I have a good firewall, why do I need an IDS? Expectations
More informationLOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE The Tripwire VIA platform delivers system state intelligence, a continuous approach to security that provides leading indicators of breach
More informationModerne Sicherheit. Fokussiert auf Business Continuity, Mobilität & Application Control. Marc Mathys Country Manager Switzerland
Moderne Sicherheit Fokussiert auf Business Continuity, Mobilität & Application Control Marc Mathys Country Manager Switzerland Network Security History in a Nutshell 1990s The Internet is bad if we do
More informationNetwork- vs. Host-based Intrusion Detection
Network- vs. Host-based Intrusion Detection A Guide to Intrusion Detection Technology 6600 Peachtree-Dunwoody Road 300 Embassy Row Atlanta, GA 30348 Tel: 678.443.6000 Toll-free: 800.776.2362 Fax: 678.443.6477
More informationMANAGED SECURITY SERVICES (MSS)
MANAGED SECURITY SERVICES (MSS) The Cyber Security Initiative. Cybercrime is becoming an important factor for CIOs and IT professionals, but also for CFOs, compliance officers and business owners. The
More informationSTANDARDISATION AND CLASSIFICATION OF ALERTS GENERATED BY INTRUSION DETECTION SYSTEMS
STANDARDISATION AND CLASSIFICATION OF ALERTS GENERATED BY INTRUSION DETECTION SYSTEMS Athira A B 1 and Vinod Pathari 2 1 Department of Computer Engineering,National Institute Of Technology Calicut, India
More informationNetwork Intrusion Detection Systems
Network Intrusion Detection Systems False Positive Reduction Through Anomaly Detection Joint research by Emmanuele Zambon & Damiano Bolzoni 7/1/06 NIDS - False Positive reduction through Anomaly Detection
More informationAlienVault. Unified Security Management (USM) 5.x Policy Management Fundamentals
AlienVault Unified Security Management (USM) 5.x Policy Management Fundamentals USM 5.x Policy Management Fundamentals Copyright 2015 AlienVault, Inc. All rights reserved. The AlienVault Logo, AlienVault,
More informationLASTLINE WHITEPAPER. Large-Scale Detection of Malicious Web Pages
LASTLINE WHITEPAPER Large-Scale Detection of Malicious Web Pages Abstract Malicious web pages that host drive-by-download exploits have become a popular means for compromising hosts on the Internet and,
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Intrusion Detection System 1 Intrusion Definitions A set of actions aimed to compromise the security
More informationIntrusion Detection Systems vs. Intrusion Prevention Systems. Sohkyoung (Michelle) Cho ACC 626
Intrusion Detection Systems vs. Intrusion Prevention Systems Sohkyoung (Michelle) Cho ACC 626 1.0 INTRODUCTION An increasing number of organizations use information systems to conduct their core business
More informationA very short history of networking
A New vision for network architecture David Clark M.I.T. Laboratory for Computer Science September, 2002 V3.0 Abstract This is a proposal for a long-term program in network research, consistent with the
More informationBio-inspired cyber security for your enterprise
Bio-inspired cyber security for your enterprise Delivering global protection Perception is a network security service that protects your organisation from threats that existing security solutions can t
More informationMit einem Auge auf den mathema/schen Horizont: Was der Lehrer braucht für die Zukun= seiner Schüler
Mit einem Auge auf den mathema/schen Horizont: Was der Lehrer braucht für die Zukun= seiner Schüler Deborah Löwenberg Ball und Hyman Bass University of Michigan U.S.A. 43. Jahrestagung für DidakEk der
More informationEnterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: Large organizations have spent millions of dollars on security
More informationData Mining for Network Intrusion Detection
Data Mining for Network Intrusion Detection S Terry Brugger UC Davis Department of Computer Science Data Mining for Network Intrusion Detection p.1/55 Overview This is important for defense in depth Much
More informationSearch Engines Chapter 2 Architecture. 14.4.2011 Felix Naumann
Search Engines Chapter 2 Architecture 14.4.2011 Felix Naumann Overview 2 Basic Building Blocks Indexing Text Acquisition Text Transformation Index Creation Querying User Interaction Ranking Evaluation
More informationDesigning and Implementing a Server Infrastructure MOC 20413
Designing and Implementing a Server Infrastructure MOC 20413 In dieser 5-tägigen Schulung erhalten Sie die Kenntnisse, welche benötigt werden, um eine physische und logische Windows Server 2012 Active
More informationIBM Connections Cloud Security
IBM Connections White Paper September 2014 IBM Connections Cloud Security 2 IBM Connections Cloud Security Contents 3 Introduction 4 Security-rich Infrastructure 6 Policy Enforcement Points Provide Application
More informationData Mining - Evaluation of Classifiers
Data Mining - Evaluation of Classifiers Lecturer: JERZY STEFANOWSKI Institute of Computing Sciences Poznan University of Technology Poznan, Poland Lecture 4 SE Master Course 2008/2009 revised for 2010
More informationRole of Anomaly IDS in Network
Role of Anomaly IDS in Network SumathyMurugan 1, Dr.M.Sundara Rajan 2 1 Asst. Prof, Department of Computer Science, Thiruthangal Nadar College, Chennai -51. 2 Asst. Prof, Department of Computer Science,
More informationMachine Learning Final Project Spam Email Filtering
Machine Learning Final Project Spam Email Filtering March 2013 Shahar Yifrah Guy Lev Table of Content 1. OVERVIEW... 3 2. DATASET... 3 2.1 SOURCE... 3 2.2 CREATION OF TRAINING AND TEST SETS... 4 2.3 FEATURE
More informationArchitecture Overview
Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and
More informationDon t skip these expert tips for making your firewall airtight, bulletproof and fail-safe. 10 Tips to Make Sure Your Firewall is Really Secure
Don t skip these expert tips for making your firewall airtight, bulletproof and fail-safe. 10 Tips to Make Sure Your Firewall is Really Secure Security studies back up this fact: It takes less than 20
More information2010 White Paper Series. Layer 7 Application Firewalls
2010 White Paper Series Layer 7 Application Firewalls Introduction The firewall, the first line of defense in many network security plans, has existed for decades. The purpose of the firewall is straightforward;
More informationIntrusion Detection Systems
Intrusion Detection Systems Assessment of the operation and usefulness of informatics tools for the detection of on-going computer attacks André Matos Luís Machado Work Topics 1. Definition 2. Characteristics
More informationAn Efficient Way of Denial of Service Attack Detection Based on Triangle Map Generation
An Efficient Way of Denial of Service Attack Detection Based on Triangle Map Generation Shanofer. S Master of Engineering, Department of Computer Science and Engineering, Veerammal Engineering College,
More informationEfficient Security Alert Management System
Efficient Security Alert Management System Minoo Deljavan Anvary IT Department School of e-learning Shiraz University Shiraz, Fars, Iran Majid Ghonji Feshki Department of Computer Science Qzvin Branch,
More informationEnd-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
More informationRadware s Behavioral Server Cracking Protection
Radware s Behavioral Server Cracking Protection A DefensePro Whitepaper By Renaud Bidou Senior Security Specialist,Radware October 2007 www.radware.com Page - 2 - Table of Contents Abstract...3 Information
More informationConclusions and Future Directions
Chapter 9 This chapter summarizes the thesis with discussion of (a) the findings and the contributions to the state-of-the-art in the disciplines covered by this work, and (b) future work, those directions
More informationLOG INTELLIGENCE FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF uugiven today s environment of sophisticated security threats, big data security intelligence solutions and regulatory compliance demands, the need for a log intelligence solution has become
More informationThe Importance of Cybersecurity Monitoring for Utilities
The Importance of Cybersecurity Monitoring for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive
More informationMicrosoft Certified IT Professional (MCITP) MCTS: Windows 7, Configuration (070-680)
Microsoft Office Specialist Office 2010 Specialist Expert Master Eines dieser Examen/One of these exams: Eines dieser Examen/One of these exams: Pflichtexamen/Compulsory exam: Word Core (Exam 077-881)
More informationHEURISTICS FOR IMPROVED ENTERPRISE INTRUSION DETECTION. A Dissertation. Presented to. the Faculty of Engineering and Computer Science
HEURISTICS FOR IMPROVED ENTERPRISE INTRUSION DETECTION A Dissertation Presented to the Faculty of Engineering and Computer Science University of Denver In Partial Fulfillment of the Requirements for the
More informationEffective Intrusion Detection
Effective Intrusion Detection A white paper by With careful configuration and management, intrusion detection systems can make a valuable contribution to IT infrastructure security s Global network of
More informationObservation and Findings
Chapter 6 Observation and Findings 6.1. Introduction This chapter discuss in detail about observation and findings based on survey performed. This research work is carried out in order to find out network
More informationWolkige Versprechungen - Freiraum mit Tuecken
Wolkige Versprechungen - Freiraum mit Tuecken Aria_Naderi@bmc.com Wolkige Versprechungen Im Rechenzentrum Wölkchen sind inzwischen bereits einige Wölkchen am Netz Himmel aufgezogen, doch eine dichte Wolkendecke
More informationCognitive and Organizational Challenges of Big Data in Cyber Defense
Cognitive and Organizational Challenges of Big Data in Cyber Defense Nathan Bos & John Gersh Johns Hopkins University Applied Laboratory nathan.bos@jhuapl.edu, john.gersh@jhuapl.edu The cognitive and organizational
More informationInformation Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus
Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination
More informationIntrusion Detection. Tianen Liu. May 22, 2003. paper will look at different kinds of intrusion detection systems, different ways of
Intrusion Detection Tianen Liu May 22, 2003 I. Abstract Computers are vulnerable to many threats. Hackers and unauthorized users can compromise systems. Viruses, worms, and other kinds of harmful code
More informationKEITH LEHNERT AND ERIC FRIEDRICH
MACHINE LEARNING CLASSIFICATION OF MALICIOUS NETWORK TRAFFIC KEITH LEHNERT AND ERIC FRIEDRICH 1. Introduction 1.1. Intrusion Detection Systems. In our society, information systems are everywhere. They
More informationAn Integrated CyberSecurity Approach for HEP Grids. Workshop Report. http://hpcrd.lbl.gov/hepcybersecurity/
An Integrated CyberSecurity Approach for HEP Grids Workshop Report http://hpcrd.lbl.gov/hepcybersecurity/ 1. Introduction The CMS and ATLAS experiments at the Large Hadron Collider (LHC) being built at
More informationIntrusion Detection Systems and Supporting Tools. Ian Welch NWEN 405 Week 12
Intrusion Detection Systems and Supporting Tools Ian Welch NWEN 405 Week 12 IDS CONCEPTS Firewalls. Intrusion detection systems. Anderson publishes paper outlining security problems 1972 DNS created 1984
More informationIDS Categories. Sensor Types Host-based (HIDS) sensors collect data from hosts for
Intrusion Detection Intrusion Detection Security Intrusion: a security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts
More informationFrom Network Security To Content Filtering
Computer Fraud & Security, May 2007 page 1/10 From Network Security To Content Filtering Network security has evolved dramatically in the last few years not only for what concerns the tools at our disposals
More informationInternational Journal of Computer Science Trends and Technology (IJCST) Volume 3 Issue 3, May-June 2015
RESEARCH ARTICLE OPEN ACCESS Data Mining Technology for Efficient Network Security Management Ankit Naik [1], S.W. Ahmad [2] Student [1], Assistant Professor [2] Department of Computer Science and Engineering
More informationAPPLICATION OF MULTI-AGENT SYSTEMS FOR NETWORK AND INFORMATION PROTECTION
18-19 September 2014, BULGARIA 137 Proceedings of the International Conference on Information Technologies (InfoTech-2014) 18-19 September 2014, Bulgaria APPLICATION OF MULTI-AGENT SYSTEMS FOR NETWORK
More informationLOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF LOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE As part of the Tripwire VIA platform, Tripwire Log Center offers out-of-the-box integration with Tripwire Enterprise to offer visibility
More informationName. Description. Rationale
Complliiance Componentt Description DEEFFI INITION Network-Based Intrusion Detection Systems (NIDS) Network-Based Intrusion Detection Systems (NIDS) detect attacks by capturing and analyzing network traffic.
More informationProtecting the Infrastructure: Symantec Web Gateway
Protecting the Infrastructure: Symantec Web Gateway 1 Why Symantec for Web Security? Flexibility and Choice Best in class hosted service, appliance, and virtual appliance (upcoming) deployment options
More informationThe Cyber Threat Profiler
Whitepaper The Cyber Threat Profiler Good Intelligence is essential to efficient system protection INTRODUCTION As the world becomes more dependent on cyber connectivity, the volume of cyber attacks are
More informationSecond-generation (GenII) honeypots
Second-generation (GenII) honeypots Bojan Zdrnja CompSci 725, University of Auckland, Oct 2004. b.zdrnja@auckland.ac.nz Abstract Honeypots are security resources which trap malicious activities, so they
More informationRule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed)
Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed) 01.1 Purpose
More informationAUTOMATED PENETRATION TESTING PRODUCTS
AUTOMATED PENETRATION TESTING PRODUCTS Justification and Return on Investment (ROI) EXECUTIVE SUMMARY This paper will help you justify the need for an automated penetration testing product and demonstrate
More informationIntrusion Detection. Jeffrey J.P. Tsai. Imperial College Press. A Machine Learning Approach. Zhenwei Yu. University of Illinois, Chicago, USA
SERIES IN ELECTRICAL AND COMPUTER ENGINEERING Intrusion Detection A Machine Learning Approach Zhenwei Yu University of Illinois, Chicago, USA Jeffrey J.P. Tsai Asia University, University of Illinois,
More informationComplete Web Application Security. Phase1-Building Web Application Security into Your Development Process
Complete Web Application Security Phase1-Building Web Application Security into Your Development Process Table of Contents Introduction 3 Thinking of security as a process 4 The Development Life Cycle
More informationHow To Prevent Hacker Attacks With Network Behavior Analysis
E-Guide Signature vs. anomaly-based behavior analysis News of successful network attacks has become so commonplace that they are almost no longer news. Hackers have broken into commercial sites to steal
More informationINTRUSION DETECTION ALARM CORRELATION: A SURVEY
INTRUSION DETECTION ALARM CORRELATION: A SURVEY Urko Zurutuza, Roberto Uribeetxeberria Computer Science Department, Mondragon University Mondragon, Gipuzkoa, (Spain) {uzurutuza,ruribeetxeberria}@eps.mondragon.edu
More informationCentral Release and Build Management with TFS. Christian Schlag
Central Release and Build Management with TFS Christian Schlag OUR DAILY MOTIVATION It s hard enough for software developers to write code that works on their machine. But even when it s done, there s
More informationFalse Positives Reduction Techniques in Intrusion Detection Systems-A Review
128 False Positives Reduction Techniques in Intrusion Detection Systems-A Review Asieh Mokarian, Ahmad Faraahi, Arash Ghorbannia Delavar, Payame Noor University, Tehran, IRAN Summary During the last decade
More informationMANAGED SECURITY SERVICES (MSS)
MANAGED SECURITY SERVICES (MSS) THE CYBER SECURITY INITIATIVE. Cybercrime is becoming an important factor for CIOs and IT professionals, but also for CFOs, compliance officers and business owners. The
More information