The premise of automated alert correlation is to accept that false alerts from a low level intrusion detection system are inevitable and use attack models to explain the output in ...
We apply adjacency matrix clustering to network attack graphs for attack correlation, prediction, and hypothesizing. We self-multiply the clustered adjacency matrices to show atta...
— Anomaly-based intrusion detection systems have the ability of detecting novel attacks, but in real-time detection, they face the challenges of producing many false alarms and f...
We present and empirically analyze a machine-learning approach for detecting intrusions on individual computers. Our Winnowbased algorithm continually monitors user and system beh...
In this paper we propose a peer-to-peer (P2P) prototype (INTCTD) for intrusion detection over an overlay network. INTCTD is a distributed system based on neural networks for detec...