Item 10203/359
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Lee, S | ko |
| dc.contributor.author | Chung, B | ko |
| dc.contributor.author | Kim, H | ko |
| dc.contributor.author | Lee, Y | ko |
| dc.contributor.author | Park, C | ko |
| dc.contributor.author | Yoon, Hyunsoo | ko |
| dc.date.accessioned | 2007-05-25T07:58:49Z | - |
| dc.date.available | 2007-05-25T07:58:49Z | - |
| dc.date.created | 2012-02-06 | - |
| dc.date.created | 2012-02-06 | - |
| dc.date.issued | 2006-05 | - |
| dc.identifier.citation | COMPUTERS & SECURITY, v.25, no.3, pp.169 - 183 | - |
| dc.identifier.issn | 0167-4048 | - |
| dc.identifier.uri | http://hdl.handle.net/10203/359 | - |
| dc.description.abstract | With the growing deployment of networks and the Internet, the importance of network security has increased. Recently, however, systems that detect intrusions, which are important in security countermeasures, have been unable to provide proper analysis or an effective defense mechanism. Instead, they have overwhelmed human operators with a large volume of intrusion detection alerts. This paper presents a fast and efficient system for analyzing alerts. Our system basically depends on the probabilistic correlation. However, we enhance the probabilistic correlation by applying more systematically defined similarity functions and also present a new correlation component that is absent in other correlation models. The system can produce meaningful information by aggregating and correlating the large volume of alerts and can detect Large-scale attacks such as distributed denial of service (DDoS) in early stage. We measured the processing rate of each elementary component and carried out a scenario-based test in order to analyze the efficiency of our system. Although the system is still imperfect, we were able to reduce the numerous redundant alerts 5.5% of the original volume without distorting the meaning through two-phase reduction. This ability reduces the management overhead drastically and makes the analysis and correlation easy. Moreover, we were able to construct attack scenarios for multistep attacks and detect large-scale attacks in real time. (C) 2005 Elsevier Ltd. All rights reserved. | - |
| dc.description.sponsorship | This work was supported by the Korea Science and Engineering Foundation (KOSEF) through the advanced Information Technology Research Center (AITrc) and University IT Research Center Project. | en |
| dc.language | English | - |
| dc.language.iso | en_US | en |
| dc.publisher | ELSEVIER ADVANCED TECHNOLOGY | - |
| dc.type | Article | - |
| dc.identifier.wosid | 000238604700015 | - |
| dc.identifier.scopusid | 2-s2.0-33646899894 | - |
| dc.type.rims | ART | - |
| dc.citation.volume | 25 | - |
| dc.citation.issue | 3 | - |
| dc.citation.beginningpage | 169 | - |
| dc.citation.endingpage | 183 | - |
| dc.citation.publicationname | COMPUTERS & SECURITY | - |
| dc.identifier.doi | 10.1016/j.cose.2005.09.004 | - |
| dc.embargo.liftdate | 9999-12-31 | - |
| dc.embargo.terms | 9999-12-31 | - |
| dc.contributor.localauthor | Yoon, Hyunsoo | - |
| dc.contributor.nonIdAuthor | Lee, S | - |
| dc.contributor.nonIdAuthor | Chung, B | - |
| dc.contributor.nonIdAuthor | Kim, H | - |
| dc.contributor.nonIdAuthor | Lee, Y | - |
| dc.contributor.nonIdAuthor | Park, C | - |
| dc.type.journalArticle | Article | - |
| dc.subject.keywordAuthor | security | - |
| dc.subject.keywordAuthor | intrusion detection | - |
| dc.subject.keywordAuthor | correlation | - |
| dc.subject.keywordAuthor | alert analysis | - |
| dc.subject.keywordAuthor | reduction | - |
| dc.subject.keywordAuthor | attack scenario | - |
- Appears in Collection
- CS-Journal Papers(저널논문)
- Files in This Item
This item is cited by other documents in WoS
| ⊙ Detail Information in WoSⓡ | Click to see |  |
| ⊙ Cited 22 items in WoS | Click to see citing articles in |  |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.