{"title":"Modeling of information system correlated events time dependencies","authors":"Jacques Saraydaryan, V. Legrand, S. Ubéda","doi":"10.1145/1416729.1416776","DOIUrl":null,"url":null,"abstract":"Many works have been carried out in events correlation and intrusion detection. Although they use different methods or correlation approaches, they all highlight the importance of time in their modeling process. In this paper, we suggest a new time consideration for our previous works Bayesian behavior intrusion detection. Using a probabilistic approach, we introduce time consideration in the profile of user/system interactions. This enriched profile will integrate all time dependencies among correlated alerts. Some works provide attack graphs scenarios where time dependencies are explicitly defined. In our case, they are learnt during a training period.","PeriodicalId":321308,"journal":{"name":"NOuvelles TEchnologies de la REpartition","volume":"14 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-06-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"NOuvelles TEchnologies de la REpartition","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1416729.1416776","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Modeling of information system correlated events time dependencies
Much work has been carried out on event correlation and intrusion detection. Although these works use different methods or correlation approaches, they all highlight the importance of time in their modeling process. In this paper, we suggest a new time consideration for our previous work on Bayesian behavior intrusion detection. Using a probabilistic approach, we introduce time consideration in the profile of user/system interactions. This enriched profile will integrate all time dependencies among correlated alerts. Some works provide attack graph scenarios where time dependencies are explicitly defined. In our case, they are learnt during a training period.