Correlation in an intrusion detection process
Related documents
The proposed intrusion detection system considers a general type of an attack scenario where malicious packets are injected into a SCADA network system composed of a
The fundamental axes addressed in this thesis are the following (fig. 1.1): based on the future airworthiness security process activities and on the security
Active learning methods rely on an interactive process where the expert is asked to annotate some instances from a large unlabelled pool to improve the current detection model and
The fourth step consists in transforming the action tree with observers into a correlation tree that describes the observable events that can be used to detect the whole
In this paper, we developed a corner detector for TWRI applications following a correlation matching framework, where the a priori known intensity correlogram of the
Besides the new attack detector scheme, the paper also presents a preliminary study of the worst-case attack as well as an optimal control with the aim to mitigate the attack
The approach is based on the DETECT framework, which implements a model-based detection engine, currently limited to Event Trees but suitable to accommodate different
To analyze the performance of our proposed techniques we use parts of the well-known DARPA intrusion detection evaluation data set [16] that consists of several weeks of labeled