BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation Guofei Gu1 , Phillip Porras2 , Vinod Yegneswaran2 , Martin Fong2 , Wenke Lee1 1 College of Computing Georgia Institute of Technology

Source URL: www.cyber-ta.org

• Computing
• Computer network security
• Cyberwarfare
• Computer security
• Multi-agent systems
• Spamming
• Intrusion detection system
• Malware
• Computer virus
• Botnet
• Alert correlation
• Infection

BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation Guofei Gu1 , Phillip Porras2 , Vinod Yegneswaran2 , Martin Fong2 , Wenke Lee1 1 College of Computing Georgia Institute of Technology

Source URL: faculty.cs.tamu.edu

• Computing
• Computer security
• Computer network security
• Security engineering
• Cyberwarfare
• Intrusion detection system
• System administration
• Botnet
• Computer virus
• Malware
• Alert correlation
• Bro

Building Attack Scenarios through Integration of Complementary Alert Correlation Methods ∗ Peng Ning, Dingbang Xu, Christopher G. Healey, and Robert St. Amant Cyber Defense Laboratory Department of Computer Science Nor

Source URL: www.csc.ncsu.edu

Building Attack Scenarios through Integration of Complementary Alert Correlation Methods ∗ Peng Ning, Dingbang Xu, Christopher G. Healey, and Robert St. Amant Cyber Defense Laboratory Department of Computer Science Nor

Source URL: www.isoc.org

Alert Correlation through Triggering Events and Common Resources ∗ Dingbang Xu and Peng Ning Cyber Defense Laboratory Department of Computer Science North Carolina State University Raleigh, NC

Source URL: discovery.csc.ncsu.edu

• Alert messaging
• Cluster analysis
• Attack patterns
• Computer cluster
• Computing
• Statistics
• Alert correlation

Techniques and Tools for Analyzing Intrusion Alerts PENG NING, YUN CUI, DOUGLAS S. REEVES, and DINGBANG XU North Carolina State University Traditional intrusion detection systems (IDSs) focus on low-level attacks or anom

Source URL: discovery.csc.ncsu.edu

• Computing
• Hacking
• Software testing
• Alert correlation
• Attack
• Alert messaging
• Buffer overflow
• Vulnerability
• Denial-of-service attack
• Cyberwarfare
• Computer security
• Computer network security

Reasoning about Complementary Intrusion Evidence∗ Yan Zhai, Peng Ning, Purush Iyer, Douglas S. Reeves Cyber Defense Laboratory Department of Computer Science North Carolina State University Raleigh, NC

Source URL: discovery.csc.ncsu.edu

• Computing
• Intrusion detection system
• Alert correlation
• Thresh
• Bayesian network
• Snort
• Intrusion detection system evasion techniques
• Computer network security
• Software
• System software

A Flexible Approach to Intrusion Alert Anonymization and Correlation Dingbang Xu and Peng Ning Cyber Defense Laboratory Department of Computer Science North Carolina State University Raleigh, NC

Source URL: discovery.csc.ncsu.edu

• Theoretical computer science
• Rough set
• Attribute grammar
• Alert messaging
• Internet privacy
• Privacy
• Attribute
• Lookup table
• Computing
• Computer programming
• Ethics

Constructing Attack Scenarios through Correlation of Intrusion Alerts Peng Ning Yun Cui

Source URL: discovery.csc.ncsu.edu

• Denial-of-service attack
• Computing
• Computer network security
• Alert correlation
• Alert messaging

Learning Attack Strategies from Intrusion Alerts∗ Peng Ning and Dingbang Xu Cyber Defense Laboratory Department of Computer Science North Carolina State University Raleigh, NC

Source URL: discovery.csc.ncsu.edu

• Alert correlation
• Graph isomorphism
• Graph
• Degree
• Subgraph isomorphism problem
• Graph theory
• Mathematics
• Theoretical computer science