Design and Implementation of Alert Analysis System using Correlation
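Soojin Lee (Department of Electrical Engineering and Computer Science, KAIST)
Byungchun Chung (Department of Electrical Engineering and Computer Science, KAIST); Heeyoul Kim (Department of Electrical Engineering and Computer Science, KAIST); Younho Lee (Department of Electrical Engineering and Computer Science, KAIST); Hyunsoo Yoon (Department of Computer Science, KAIST); Dohwan Kim (National Security Research Institute); Eunyoung Lee (National Security Research Institute); Eungki Park (National Security Research Institute)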
1 | K. Kendall, 'A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems,' Master's Thesis, Massachusetts Institute of Technology, June 1999
2 | W. Lee, 'A Framework for Constructing Features and Models for Intrusion Detection System,' PhD thesis, Columbia University, June 1999
3 | W. Lee, R.A. Nimbalkar, K.K. Yee, S.B. Patil, P.H. Desai, T.T. Tran, and S.J. Stolfo, 'A Data Mining and CIDF-Based Approach for Detecting Novel and Distributed Intrusions,' Proceedings 2000 International Workshop on Recent Advances in Intrusion Detection (RAID), Toulouse, France, October 2000
4 | NMAP Network Mapping tool. http://www.insecure.org/nmap/
5 | CERT Coordination Center. CERT/CC Advisories, Carnegie Mellon, Software Engineering Institute. Online. http://www.cert.org/advisories/
6 | C. Kahn, P.A. Porras, S. Staniford-Chen, and B. Tung, 'A Common Intrusion Detection Framework,' http://www.gidos.org
7 | L. Perrochon, E. Jang, and D.C. Luckham, 'Enlisting Event Patterns for Cyber Battlefield Awareness,' DARPA Information Survivability Conference & Exposition (DISCEX'00), Hilton Head, South Carolina, January 2000
8 | A. Valdes and K. Skinner, 'Probabilistic Alert Correlation,' Fourth International Workshop on the Recent Advances in Intrusion Detection, Davis, USA, October 2001
9 | F. Cuppens, 'Correlation in an intrusion detection process,' Internet Security Communication Workshop (SECI02), Tunis, Tunisia, September 2002
10 | H. Debar and A. Wespi, 'Aggregation and Correlation of Intrusion-Detection Alerts,' Proceedings of 2001 International Workshop on Recent Advances in Intrusion Detection, Davis, CA, October 2001
11 | Phillip A. Porras, et al., 'A Mission-Impact-Based Approach to INFOSEC Alarm Correlation,' Fifth International Workshop on the Recent Advances in Intrusion Detection, Zurich, Switzerland, October 2002
12 | P. Porras and P. Neumann, 'Emerald: Event Monitoring Enabling Responses to Anomalous Live Disturbances,' National Security Conference, 1997
13 | E. Bloedorn, et al., 'Data Mining for Network Intrusion Detection: How to Get Started,' MITRE Technical Report, August 2001
14 | F. Cuppens, 'Cooperative Intrusion Detection,' International Symposium 'Information Superiority: Tools for Crisis & Conflict-Management,' Paris, France, September 2001
15 | F. Cuppens, 'Managing alerts in a multi intrusion detection environment,' 17th Annual Computer Security Applications Conference (ACSAC), New Orleans, December 2001
16 | Bugtraq. Security Focus Online. http://online.securityfocus.com/archive/1