Rule-based filters are sequences of rules, each formed of a condition and a decision. Rules are applied sequentially up to the first fulfilled condition, whose matching decision determines the outcome. Such filters are particularly useful in network management, where they filter packets allowed to flow in or out of an interface. Properties of filters which either reveal or hint at misconfiguration (anomalies)...
It is becoming more and more important to construct high-level attack scenarios from low-level intrusion alerts reported by intrusion detection systems (IDSs). Some methods have been presented to resolve this problem. These methods have different strengths. However, they also have different limitations. In order to build complicated attack processes accurately, this paper uses cluster and correlation...
Alert correlation is the method used to analyze the implicit relations among attacks so as to discover real threats. There have already been several proposals on alert correlation, such as methods based on predefined knowledge and methods that need no predefined knowledge. But they all have their drawbacks. Generally, the predefined knowledge based methods have no ability to recognize unknown attacks,...
For the purpose of reducing redundant alerts and false alerts as well as recognizing complicated attack scenarios, a multilevel model of alert fusion is presented. This model fuses alerts layer upon layer through primary alert reduction, alert verification, alert clustering and alert correlation. In order to construct accurate and complete attack sensors, in the phase of alert clustering, this paper...