- research-articleMay 2024
Knowledge-aware Alert Aggregation in Large-scale Cloud Systems: a Hybrid Approach
- Jinxi Kuang,
- Jinyang Liu,
- Junjie Huang,
- Renyi Zhong,
- Jiazhen Gu,
- Lan Yu,
- Rui Tan,
- Zengyin Yang,
- Michael R. Lyu
ICSE-SEIP '24: Proceedings of the 46th International Conference on Software Engineering: Software Engineering in Practice
Pages 369–380
https://doi.org/10.1145/3639477.3639745
Due to the scale and complexity of cloud systems, a system failure would trigger an "alert storm", i.e., massive correlated alerts. Although these alerts can be traced back to a few root causes, the overwhelming number makes it infeasible for manual ...
- research-articleMay 2021
Near real-time intrusion alert aggregation using concept-based learning
CF '21: Proceedings of the 18th ACM International Conference on Computing Frontiers
Pages 152–160
https://doi.org/10.1145/3457388.3458663
Intrusion detection systems generate a large number of streaming alerts. It can be overwhelming for analysts to quickly and effectively find related alerts stemmed from correlated attack actions. What if fast arriving alerts could be automatically ...
- ArticleJune 2012
Research on Preprocessing Technique of Alert Aggregation
CSO '12: Proceedings of the 2012 Fifth International Joint Conference on Computational Sciences and Optimization
Pages 597–600
https://doi.org/10.1109/CSO.2012.136
In order to solve the problems caused by repetitive IDS alerts, an adaptive alert aggregation approach is proposed in this paper. According to the corresponding alert types, the stay times of aggregate alerts in the buffer area can be adjusted ...
- ArticleSeptember 2011
An alerts correlation technology for large-scale network intrusion detection
WISM'11: Proceedings of the 2011 international conference on Web information systems and mining - Volume Part I
Pages 352–359
Intrusion detection is an important security tool. Intrusion detection systems are becoming ubiquitous defenses in today's networks. But some researches showed that the volume of alerts generated from intrusion detection systems can be overwhelming. The ...
- research-articleMarch 2011
Online Intrusion Alert Aggregation with Generative Data Stream Modeling
IEEE Transactions on Dependable and Secure Computing (TDSC), Volume 8, Issue 2
Pages 282–294
https://doi.org/10.1109/TDSC.2009.36
Alert aggregation is an important subtask of intrusion detection. The goal is to identify and to cluster different alerts—produced by low-level intrusion detection systems, firewalls, etc.—belonging to a specific attack instance which has been initiated ...
- ArticleSeptember 2003
Alert aggregation in mobile ad hoc networks
WiSe '03: Proceedings of the 2nd ACM workshop on Wireless security
Pages 69–78
https://doi.org/10.1145/941311.941323
In Intrusion Detection Systems (IDSs) for Mobile Ad hoc NETworks (MANETs), IDS agents using local detection engines alone may lead to undesirable performance due to the dynamic feature of MANETs. In this paper, we present a nonoverlapping Zone-based ...
- ArticleOctober 2001
Aggregation and Correlation of Intrusion-Detection Alerts
RAID '00: Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Pages 85–103
This paper describes an aggregation and correlation algorithm used in the design and implementation of an intrusion-detection console built on top of the Tivoli Enterprise Console (TEC). The aggregation and correlation algorithm aims at acquiring ...