Design for Zombie PCs and APT Attack Detection based on traffic analysis
|
|
Son, Kyungho
(Korea Internet & Security Agency)
Lee, Taijin (Korea Internet & Security Agency) Won, Dongho (Sungkyunkwan University) |
| 1 | Ning P and Cui Y (2002), "An intrusion alert correlator based on prerequisites of intrusions," TR-2002-01 |
| 2 | O.Dain and R.Cunninghan, "Building scenarios from a heterogeneous alert stream," IEEE Workshop on Information Assurance and Security, 2001. |
| 3 | Munsun Shin, Eunhui Kim, Hosung Mun, Keunho Ryu and Kiyoung Kim, "Data mining based alarm data analysis implementation," KCC : database 31(1), 2004.2. |
| 4 | F. Xiao, S. Jin and X. Li, "A novel data mining-based method for alert reduction and analysis," Journal of Network, vol. 5, no. 1, 2010, pp. 88-97. |
| 5 | S. Noel and S. Jajodia, "Correlating intrusion events and building attack scenarios through attack graph distance," In Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC'04), 2004. |
| 6 | C. Abad, Y. Li, K. Lakkaraju, X. Yin, and W. Yurcik. "Correlation between netFlow system and network views for intrusion detection in workshop on link analysis," Counter-terrorism, and Privacy held in conjunction with the SIAM International Conference on Data Mining, 2004. |
| 7 | Suhyung Lee, Hyochan Bang, Byunghwan Jang and Jungchan Na, "Security event processing for effective analysis," Electronics and Telecommunications Trends, 22(1), 2007.2. |
| 8 | A. Rao and S. Zang, "HBase-0.20.0 performance evaluation, "http://cloudepr.blogspot.com/2009_08_01_archive.html |
| 9 | Rishi Sinha, et.al, "Internet packet size distributions: some observations," Technical Report ISI-TR-2007-643, USC/Information Sciences Institute, May, 2007 |
| 10 | Elshoush, H. Tagelsir, and I. M. Osmank, "Alert correlation in collaborative intelligent intrusion detection systems - A survey," Applied Soft Computing In Press, 2011. |
| 11 | K. Julisch, "Mining alarm clusters to improve alarm handling efficiency," Proceedings of the 17th Annual Conference on Computer Security Applications, 2001. |
| 12 | S. Cheung, U. Lindqvist, and M.W. Fong, "Modeling multistep cyber attacks for scenario recognition," DARPA Information Survivability Conference and Exposition, pp.284-292, 2003. |
| 13 | H. Debar, and A. Wespi, "Aggregation and correlation of intrusion detection alerts," Proceedings of the International Symposium on Recent Advances in Intrusion Detection, pp.85-103, 2001. |
| 14 | B. Morin, L. Me, H. Debar, and M. Ducasse, "M2D2: A formal data model for IDS alert correlation," Proc. Recent Advances in Intrusion Detection, pp.115-137, 2002 |
| 15 | X. Qin, and W. Le, "Statistical causality of infosec alert data," Proceedings of Recent Advances in Intrusion Detection, 2003. |
| 16 | P. Ning, Y. Cui, and D. Reeves, "Analyzing intensive intrusion alerts via correlation," Proceedings of the International Symposium on the Recent Advances in Intrusion Detection, pp. 74-94. 2002. |
| 17 | P. Ning, Y. Cui, and D.S. Reeves, "Constructing attack scenarios through correlation of intrusion alerts," Proc. ACM Conf. Computer and Comm. Security, pp. 245-254, 2002. |
| 18 | F. Cuppens, "Managing alerts in a multi- intrusion detection environment," 17th Annual Computer Security Applications Conference, 2001. |
| 19 | W.L. Xinzhou Qin, "Statistical causality analysis of infosec alert data," Lecture Notes in Computer Science, 2003. |
| 20 | A.Valdes and K. Skinner, "Probabilistic alert correlation," RAID 2001. |
 |
Korea Institute of Science and Technology Information
Gwahangno, Yuseong-gu, Daejeon, 305-806, Korea TEL : +82-42-869-1752
Copyright (c) 2009 KISTI. All Rights Reserved. For more information mail to
webmaster
