You are here: silicon.com > Resources > White Papers > Security > Intrusion - Tampering > Network Security

Network Security White Papers

Hypothesizing and Reasoning About Attacks Missed by Intrusion Detection Systems

Tags:
network security

Overview Several alert correlation methods have been proposed over the past several years to construct high-level attack scenarios from low-level intrusion alerts reported by Intrusion Detection Systems (IDSs). However, all of these methods depend heavily on the underlying IDSs, and cannot deal with attacks missed by IDSs. In order to improve the performance of intrusion alert correlation and reduce the impact of missed attacks, this paper presents a series of techniques to hypothesize and reason about attacks possibly missed by the IDSs. In addition, this paper also discusses techniques to infer attribute values for hypothesized attacks, to validate hypothesized attacks through raw audit data, and to consolidate hypothesized attacks to generate concise attack scenarios.

Further White Paper Details
Publisher	Association for Computing Machinery	File Format	PDF
Date Published	October 2004
Format	White Papers
Topics	Network Security, Security Tools, Intrusion Detection Systems

Did you find this white paper useful? 3 out of 7 users found this white paper useful

Balancing Security Against Productivity

Publisher:
Novell

Security: New strides in preventing intrusions.

Publisher:
IBM

Novell Zenworks Endpoint Security Management: Total Control from a Single Console

Publisher:
Novell

Secure Desktop On-Demand Webcast

Publisher:
Novell

County Government Increases the Security of Its Network

Publisher:
Microsoft

US security council fights back

The pattern-matching system, known as the Federal Intrusion Detection Network (Fidet) would alert authorities to attacks which could cripple Government operations or even the economy. President Clinton may join forces with the FBI to protect...

Channel:
Security Strategy

Symantec streamlines network security

Standalone network-protection products, such as intrusion-detection systems and firewalls, flag any unusual network behaviour as a security 'event'. The Incident Manager also provides guidance to system administrators based on information from the...

Channel:
Security Strategy

2003 sees hackers rise to the task, says NAI chief

To date it has been about intrusion detection. However, the problem now is that with detection it's all very well detecting something but, with the speed of attack being talked about with these Warhol worms, the damage is done "before you've even...

Blaster dodges responsibility for US blackout

The report recommends that US energy companies share alert and vulnerability information, create a group to improve the security of control systems and adopt a set of interim regulations for computer security issued by the FERC.

Channel:
IT Pro

Malware ID scheme set to sort naming muddle

An alert popping up on a user's screen could look like this: "Zotob.E! A desktop antivirus product may display a different name for a fast-spreading worm than the scanner at the email gateway or the intrusion detection system, he said.

Channel:
Security Strategy
Tags:
cme,
virus,
worm

Locking down financial security

Problems with system access rights accounted for three of the top five audit findings for those surveyed. Even fewer used an intrusion prevention system. And the attack rated most threatening by the banks - phishing - happens without the banks...

Live Webcast: Telecoms 2.0 - Where is telecoms heading?

In this webcast, our panel of experts will review where we are with next generation telecoms in the UK, working through the concept of 'Telecoms 2.0': - Realising the potential of Next Generation Networks - why it isn't just about the technology? - What attributes should firms be looking for in their telco partner? - Is the relationship between telco provider and customer changing? - What things need to happen to make next generation services a reality? - You say you want the supplier to change. Do you want to change too? - What is Telecoms 2.0?

Publisher:
ZDNet UK

Telecom 2.0: Mind over matter

ntl:Telewest Business believes that the role of the telco is evolving. Gone are the days when it was enough to simply focus on circuits and minutes, customers now need a far higher degree of interaction and look for suppliers who will talk business solutions with them.

Publisher:
ntl:Telewest Business

IBM Information Server Change Data Capture

In today's fast-paced world, access to real-time data has never been more important. To be successful, organizations need to be able to report and analyze corporate data quickly and easily, regardless of what applications created the data, what platform they're running on, or what database they're stored in.

Publisher:
IBM

An examination of server consolidation: the trends that can drive efficiencies and help businesses gain a competitive edge

This white paper provides a starting point for organizations contemplating server consolidation. It includes an overview of server consolidation concepts and techniques and provides guidance on methodologies. It also looks at the potential cost savings associated with server consolidation and offers information on how organizations can sustain the advantage they have gained by consolidating their servers.

Publisher:
IBM

Also on silicon.com

Site Navigation:

Network Security White Papers

Hypothesizing and Reasoning About Attacks Missed by Intrusion Detection Systems

Quick Sitemap Links:

About Us

Search

Blogs

Verticals

Advertising Features

CNET Networks in Europe

CNET Networks in the United States

CNET Networks in Asia Pacific