Alert Correlation Analysis based on Clustering Technique for IDS
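Shin, Moon-Sun (Department of Computer Science, Graduate School, Chungbuk National University)
Moon, Ho-Sung (Garim Information Technology)
Ryu, Keun-Ho (School of Electrical, Electronic and Computer Engineering, Chungbuk National University)
Jang, Jong-Su (Electronics and Telecommunications Research Institute)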
1 | Sudipto Guha, Rajeev Rastogi and Kyuseok Shim, 'ROCK : A Robust Clustering Algorithm for Categorical Attributes,' In Proceedings of the 15th International Conference on Data Engineering, (ICDE), Sydney, Australia, 23-26, IEEE Press, pp.512-521, Mar., 1999 |
2 | KDD99 Cup, http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html, 1999 |
3 | DARPA 1998 intrusion detection evaluation datasets, http://ideval.ll.mit.edu |
4 | D. Curry and H. Debar, 'Intrusion detection message exchange format data model and extensible markup language (xml) document type definition,' Internet Draft, draft-ietf-idwg-idmef-xml-0.3.txt, Feb., 2001 |
5 | Sudipto Guha, Rajeev Rastogi and Kyuseok Shim, 'CURE : An Efficient Clustering Algorithm for Large Databases,' In Proceedings of the International Conference on Management of Data, (SIGMOD), SIGMOD Record, Seattle, WA, USA, 1-4, ACM Press, Vol.27(2), pp.73-84, Jun., 1998 |
6 | Fred Cuppens, 'Managing Alerts in a Multi-Intrusion Detection Environment,' In Proceedings of the third International Symposium on Recent Advances in Intrusion Detection (RAID 2000), Toulouse, France, 2000 |
7 | Periklis Andritsos, 'Data Clustering Techniques,' Qualifying Oral Examination Paper, 2001 |
8 | O. Dain and R. K. Cunningham, 'Fusing a heterogeneous alert stream into scenarios,' In Proceedings of the 2001 ACM Workshop on Data Mining for Security Applications, pp.1-13, Nov., 2001 |
9 | H. Debar and A. Wespi, 'Aggregation and correlation of intrusion-detection alerts,' In Recent Advances in Intrusion Detection, number 2212 in Lecture Notes in Computer Science, pp.85-103, 2001 |
10 | S. Staniford, J. A. Hoagland and J. M. McAlerney, 'Practical automated detection of stealthy portscans,' To appear in Journal of Computer Security, 2000 |
11 | A. Valdes and K. Skinner, 'Probabilistic alert correlation,' In Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection (RAID 2001), pp. 54-68, 2001 |
12 | W. Lee, S. J. Stolfo and K. W. Mok, 'A Data Mining Framework for Building Intrusion Detection Models,' In Proceedings of the third International Symposium on Recent Advances in Intrusion Detection (RAID 1999), 1999 |
13 | Myung Jin Lee, Moon Sun Shin, Ho Sung Moon, Keun Ho Ryu, 'Design and Implementation of Alert Analyzer with Mining Engine,' IDEAL03, Hong Kong, China, Mar., 2003 |
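14 | Sang-Gil Park, Jinoh Kim, Jong-Su Jang, 'Information Data Processing for Interworking of Heterogeneous Intrusion Detection Systems in a Security Network Framework,' Proceedings of the 19th Korea Information Processing Society Spring Conference, Vol.10, No.1, pp.2169-2172 |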
15 | Moon Sun Shin, Ho Sung Moon, Keun Ho Ryu, Ki Young Kim, Jinoh Kim, 'Applying Data Mining Techniques to Analyze Alert Data,' APWeb03, Xian, China, Apr., 2003 |
16 | W. Lee and S. J. Stolfo, 'Data mining approaches for intrusion detection,' In Proceedings of the 7th USENIX Security Symposium, 1998 |
17 | Ho Sung Moon, Eun Hee Kim, Moon Sun Shin, Keun Ho Ryu, Jinoh Kim, 'Implementation of Security Policy Server's Alert Analyzer,' ICIS, Aug., 2002 |