Vendor : University of Michigan
E-mail this page
Related Content
Remember this itemFormat: PDF
Date:
01/01/2008
Enriching Intrusion Alerts Through Multi-Host Causality
0
0 votes
Overview
Current intrusion detection systems point out suspicious states or events but do not show how the suspicious state or events relate to other states or events in the system. This paper shows how to enrich an IDS alert with information about how those alerts causally lead to or result from other events in the system. By enriching IDS alerts with this type of causal information, one can leverage existing IDS alerts to learn more about the suspected attack. Backward causal graphs can be used to find which host allowed a multi-hop attack (such as a worm) to enter a local network; forward causal graphs can be used to find the other hosts that were affected by the multi-hop attack.
See also: Security Tools, Intrusion Detection Systems
Related whitepapers
- Woods Services Gains Advanced Web Filtering Technology with Bloxx
- IT Security Provider Delivers Industry-Leading Comprehensive Endpoint Protection Solution
- Enriching Network Security Analysis With Time Travel
- The Dress Barn, Inc. Achieves Payment Card Industry (PCI) Compliance With Oracle Advanced Security
- Davivienda Unifies Information in a Single Platform and Improves Identity Management Administration
- Security Strategies for the Midsize Business
- NAC 2.0: A new model for a more secure future
- Smart, Simple, Secure Management Options for Small to Medium Enterprises
- Enabling Your Mobile Workforce without Putting Your Data at Risk
- Ethical Hacking and Risk Assessments
|
|
What's important from our sponsors
10 million IT Folks can't be wrong with their server choice.
HP ProLiant ML110 G5 from $999
Click here for the reliable server that cost as little as a PC.
DBOptimizer
Discover, Diagnose & Optimise poor performing SQL…Fast!
C++Builder 2009
RAD visual development meets C++ power – download it now!
Compare your IT salary
Sign-up for free download of IT salary benchmark report 2008.
Country Report: India
Technology for national gains
- ZDNet.com |
- ZDNet Japan |
- ZDNet.de |
- CNET UK |
- CNET.de |
- Tech Republic |
- BNET |
- MP3.com |
- activeTechPros |
- ZDNet UK |
- ZDNet Korea |
- ZDNet France |
- CNET Australia |
- CNET France |
- Download.com |
- Builder |
- GameSpot
- ZDNet Australia |
- ZDNet Taiwan |
- CNET |
- CNET Taiwan |
- News.com |
- Silicon.com |
- TV.com |
- GameSpot Korea
