As security threats advance in a drastic way, most of the organizations implemented multiple Network Intrusion Detection Systems (NIDSs) to optimize detection and to provide comprehensive view of intrusion activities. But NIDSs trigger a massive amount of alerts even for a day and overwhelmed security experts. Thus, automated and intelligent clustering is important to reveal their structural co...

Gaseous elemental mercury (GEM) measurements at Alert, Canada, from 1995 to 2007 were analyzed for statistical time trends and for correlations with meteorological and climate data. A significant decreasing trend in annual GEM concentration is reported at Alert, with an estimated slope of −0.0086 ng m−3 yr−1 (−0.6% yr−1) over this 13-year period. It is shown that there has been a shift in the m...

This paper presents conceptual model, architecture and software prototype of a multi-agent intrusion detection system (IDS) operating on the basis of heterogeneous alert correlation. The latter term denotes IDS provided with a structure of anomaly detection–like classifiers designed for detection of intrusions in cooperative mode. An idea is to use a structure of classifiers operating on the ba...

A growing trend in the cybersecurity landscape is represented by multistep attacks that involve multiple correlated intrusion activities to reach the intended target. The duty of correlating security alerts and reconstructing complete attack scenarios is left to system administrators because current Network Intrusion Detection Systems (NIDS) are still oriented to generate alerts related to sing...

Alert correlation is the process of analyzing, relating and fusing the alerts generated by one or more Intrusion Detection Systems (IDS) in order to provide a high-level and comprehensive view of the security situation of the system or network. Different approaches, such as rule-based, prerequisites consequences-based, learning-based and similarity-based approach are used in correlation process...

CUI, YUN. A Toolkit for Intrusion Alerts Correlation Based on Prerequisites and Consequences of Attacks. (Under the direction of Dr. Peng Ning.) Intrusion Detection has been studied for about twenty years. Intrusion Detection Systems (IDSs) are usually considered the second line of defense to protect against malicious activities along with the prevention-based security mechanisms such as authen...

With the increasingly widespread deployment of security mechanisms, such as firewalls, intrusion detection systems (IDSs), antivirus software and authentication services, the problem of alert analysis has become very important. The large amount of alerts can overwhelm security administrators and prevent them from adequately understanding and analyzing the security state of the network, and init...

1 This work was supported by NSF Cyber Trust Program Grant No: SCI-0430354, NSA IASP Grant No: H98230-04-1-0205, Office of Naval Research Grant number N00014-01-1-0678, and the Department of Computer Science and Engineering, Center for Computer Security Research at Mississippi State University. Parts of this work have appeared in Proceedings: IEEE International Conference on Intelligence and Se...