Security Tools White Papers

Real-Time Multistage Attack Awareness Through Enhanced Intrusion Alert Clustering

Overview Correlation and fusion of intrusion alerts to provide effective Situation Awareness of cyber-attacks has become an active area of research. Snort is the most widely deployed intrusion detection sensor. For many networks and their system administrators, the alerts generated by Snort are the primary indicators of network misuse and attacker activity. However, the volume of the alerts generated in typical networks makes real-time attack scenario comprehension dif-cult. This paper present an attack-stage oriented classification of alerts using Snort as an example, and demonstrate that this effectively improves real-time Situation Awareness of multistage attacks. It also incorporate this scheme into a real-time attack detection framework and prototype presented by the authors in previous work and provide some results from testing against multistage attack scenarios.

Further White Paper Details
PublisherUniversity at Buffalo File FormatPDF
Date PublishedDecember 2007
FormatWhite Papers   
Topics
  • Download White Paper
  • Yes, useful No, not useful Did you find this white paper useful? 1 out of 2 users found this white paper useful

Balancing Security Against Productivity

Download

What makes for great security? Is it about keeping the bad guys out or letting the good guys in? About defending attacks or preventing them? When IDG Research Services queried...

Novell Zenworks Endpoint Security Management: Total Control from a Single Console

Download

Still super gluing your USB ports shut? Unauthorized access to networks, lost or stolen laptops and other mobile hardware, and theft of proprietary information or intellectual property accounted for more...

Secure Desktop On-Demand Webcast

Download

The desktop or endpoint is one of the most vulnerable parts of your environment. Threats are everywhere. You have users who love to experiment with device settings (only to wonder...

White Paper: Fw Monitor - A Troubleshooting Tool

Download

fw monitor is a useful packet capture tool provided by Check Point as a part of VPN-1/FireWall-1. It allows a network troubleshooter to capture packets as they pass through the...

Improving IT Compliance: Guidance for Midsize Organizations

Download

The results are in on the compliance efforts of companies boasting annual revenues of $50 to $999 million, and there's definitely room for improvement, especially at the middle and top...

  • Featured White Papers
Packeteer

Best in Class Organisations Use Packeteers WAN Optimisation Solutions


Independent research from the Aberdeen Group shows that the most successful enterprises are reaping the benefits of the Packeteer solution and are using it for competitive advantage.

Download

Siemens

Protecting key assets (security)


Key infrastructure elements must be secured against outages, damage and sabotage. Siemens offers comprehensive solutions from healthcare and power generation to water supply, transportation, and industrial production, to telecommunications.

Download

DataFlux

Getting Started with Master Data Management


Master data management forms part of an overall enterprise governance program that aims to establish trusted data throughout the enterprise. This white paper from Mike Ferguson of Intelligent Business Strategies defines master data, examines why it is needed, and explores methodologies for implementing master data management.

Download

Childnet helps parents get web savvy

Childnet helps parents get web savvy

Case study: Gov't initiative to bridge digital divide more

More Public Sector

Travel site bookings fly when glitch fixed

Travel site bookings fly when glitch fixed

Case study: Testing software gives Thomson Holidays a boost more

More Retail & Leisure

Cheat Sheet: BBC iPlayer

Cheat Sheet: BBC iPlayer

Get the lowdown on Auntie's biggest online endeavour more

More WebWatch


Quick Sitemap Links: