References
- F. Cuppens, Miege, A, 'Alert correlation in a cooperative intrusion detection framework,' IEEE Symposium on Security and Privacy, pp.202-215, May., 2002 https://doi.org/10.1109/SECPRI.2002.1004372
- D, O, Cunningham, R, 'Fusing a heterogeneous alert stream into scenarios,' ACM Workshop on Data Mining for Security Applications, pp.1 -13, Nov., 2001
- Debar, H., Wespi, A, 'Aggregation and correlation of intrusion-detection alerts,' Recent Advances in Intrusion Detection, pp.85-103, Oct., 2001
- F. Cuppens, R. Ortalo, 'LAMBDA: A language to model a database for detection of attacks,' Recent Advances in Intrusion Detection, pp.197-216, Oct., 2000
- R. Heady, G. Luger, A. Maccabe, and M. Servilla, 'The Architecture of a Network Level Intrusion Detection System,' Technical report, Computer Science Department, University of New Mexico, Aug., 1990
- M. Joshi, R. Agarwal, V. Kumar, PNrule, 'Mining Needles in a Haystack Classifying Rare Classes via Two-Phase Rule Induction,' ACM SIGMOD Conference on Management of Data, pp.91 -102, May., 2001
- B. Morin, L. Me, H. Debar, and M. Ducasse. 'M2D2: A formal data model for IDS alert correlation,' International Symposium on Recent Advances in Intrusion Detection, pp.115-137, 2002
- K Julisch. 'Mining alarm clusters to improve alarm handling efficiency,' Annual Computer Security Applications Conference, pp.12-21, Dec., 2001
- P. Ning, Y. Cui, and D. S Reeves. 'Constructing attack scenarios through correlation of intrusion alerts,' ACM Conference on Computer and Communications Security, pp.245-254, Nov., 2002 https://doi.org/10.1145/586110.586144
- P. A. Porras, M. W. Fong, and A. Valdes. 'A mission impact based approach to INFOSEC alarm correlation,' Recent Advances in Intrusion Detection, pp.95-114, Oct., 2002
- W. Lee. 'A Data Mining Framework for Constructing Features and Models for Intrusion Detection System,' PhD thesis, Computer Science Department, Columbia University, NY, 1999
- S. Manganaris et al. ' Data Mining Analysis of RTID Alarms,' Recent Advances in Intrusion Detection, pp.7-9, Sep., 1999
- F. Provost and T. Fawcett, 'Robust Classification for Imprecise Environments,' Machine Learning, vol. 42/3, pp.203-231, 2001 https://doi.org/10.1023/A:1007601015854
- S. Staniford, J.A. Hoagland, and J.M. McAlemey. 'Practical Automated Detection of Stealthy Portscans,' ACM Computer and Communications Security IDS Workshop, pp.105-136, 2000
- Templeton, S., Levit, K, 'A requires/provides model for computer attacks,' New Security Paradigms Workshop, pp.31-38, 2000 https://doi.org/10.1145/366173.366187
- A. Valdes, 'Probabilistic Alert Correlation,' Recent Advances in Intrusion Detection, pp.54-68, 2001
- Moon Sun Shin, Eun Hee Kim, Keun Ho Ryu, Ki Young Kim. 'Data Mining Methods for Alert Correlation Analysis,' IJCIS, 2003
- Moon Sun Shin, Eun Hee Kim, Keun Ho Ryu, 'False Alarm Classification Model for Network Based Intrusion Detection System,' Intelligent Data Engineering and Automated Learning, pp.259 - 265, May., 2004
- 신문선, 김은희, 문호성, 류근호, 김기영, '데이터 마이닝 기법을 이용한 경보데이터 분석기 구현', 정보과학회논문지, 제31권, 1호, 2004
- J. Han, Y. Cai, and N. Cercone, 'Data driven discovery of quantitative rules in relational databases,' IEEE Transactions on Knowledge and Data Engineering, pp.29-40, 1993 https://doi.org/10.1109/69.204089
- Snort. Open-source Network Intrusion Detection System. http://www .snort.org
- K. Julisch. 'Dealing with False Positives in Intrusion Detection,' In 3nd Workshop on Recent Advances in Intrusion Detection, 2000