M2D2: A Formal Data Model for IDS Alert Correlation
A data model for IDS alert correlation called M2D2 is proposed. It supplies four information types: information about the characteristics of the monitored information system, information about vulnerabilities, information about the security tools used for monitoring, and information about the events observed.
What If You Can't Trust Your Network Card?
It is shown that, depending on the architecture of the adapter and the interface the NIC provides to the host operating system, building an efficient detection framework is possible; the design choices made when building such a framework are explained and described.
Correlation of Intrusion Symptoms: An Application of Chronicles
A multi-alarm misuse correlation component based on the chronicles formalism reduces the number of alarms shipped to the operator and enhances the quality of the diagnosis provided.
A logic-based model to support alert correlation in intrusion detection
A federative data model is proposed that lets security systems query and assert knowledge about security incidents and the context in which they occur. It constitutes a consistent and formal ground for representing the information required to reason about complementary evidence, in order to confirm or invalidate alerts raised by intrusion detection systems.
Intrusion detection and virology: an analysis of differences, similarities and complementariness
  • B. Morin, L. Mé
  • Computer Science
  • Journal in Computer Virology
  • 7 February 2007
This analysis of the differences, similarities and complementariness between two major domains of today's information security, intrusion detection on the one hand and virology and anti-virus technologies on the other, suggests that alert correlation is one way to make the two fields cooperate.
M4D4: a Logical Framework to Support Alert Correlation in Intrusion Detection
A federative data model is proposed that lets security systems query and assert knowledge about security incidents and the context in which they occur. It constitutes a consistent and formal ground for representing the information required to reason about complementary evidence, in order to confirm or invalidate alerts raised by intrusion detection systems.
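The M2D2 and M4D4 summaries above describe the idea in one sentence each: keep a model of the monitored system, its vulnerabilities, the sensors and the observed events, then use that context to confirm or invalidate an alert. The following Python sketch is an added illustration of that idea, not the authors' model or code; the class names, field names, verdict labels, hosts, vulnerability identifiers, sensors and alerts are all constructed for this example. An alert is confirmed when the targeted host actually runs a product affected by the vulnerability the alert names, invalidated when it does not, and left unknown when the model has no host or vulnerability entry, or when the reporting sensor does not cover the target at all. Confirmed alerts on the same (host, vulnerability) pair from sensors of different kinds are additionally flagged as corroborated.

```python
"""Toy alert correlation over four information types: monitored system,
vulnerabilities, security tools, and observed events (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    address: str
    os: str
    products: frozenset  # software the host is known to run


@dataclass(frozen=True)
class Vulnerability:
    vuln_id: str
    affected_products: frozenset  # products to which the vulnerability applies


@dataclass(frozen=True)
class Sensor:
    name: str
    kind: str          # "nids" (network) or "hids" (host)
    monitors: frozenset  # host addresses this sensor actually covers


@dataclass(frozen=True)
class Alert:
    sensor: str   # name of the reporting sensor
    target: str   # address of the attacked host
    vuln_id: str  # vulnerability the signature claims is being exploited


# Constructed knowledge base; identifiers are invented for the example.
HOSTS = {
    "10.0.0.5": Host("10.0.0.5", "Linux", frozenset({"apache-2.2", "openssh-7.4"})),
    "10.0.0.7": Host("10.0.0.7", "Windows", frozenset({"iis-10"})),
}
VULNS = {
    "VULN-A": Vulnerability("VULN-A", frozenset({"apache-2.2"})),
    "VULN-B": Vulnerability("VULN-B", frozenset({"iis-10"})),
}
SENSORS = {
    "nids-dmz": Sensor("nids-dmz", "nids", frozenset({"10.0.0.5", "10.0.0.7"})),
    "hids-web": Sensor("hids-web", "hids", frozenset({"10.0.0.5"})),
}
# Constructed alert stream.
ALERTS = [
    Alert("nids-dmz", "10.0.0.5", "VULN-A"),  # Apache vuln against an Apache host
    Alert("hids-web", "10.0.0.5", "VULN-A"),  # same attack seen by a second sensor kind
    Alert("nids-dmz", "10.0.0.5", "VULN-B"),  # IIS vuln against a Linux/Apache host
    Alert("hids-web", "10.0.0.7", "VULN-B"),  # sensor does not monitor that host
    Alert("nids-dmz", "10.0.0.9", "VULN-A"),  # host absent from the model
]


def assess(alert, hosts, vulns, sensors):
    """Return 'confirmed', 'invalidated' or 'unknown' for one alert."""
    sensor = sensors.get(alert.sensor)
    if sensor is None or alert.target not in sensor.monitors:
        return "unknown"  # report from a sensor that cannot see this target
    host = hosts.get(alert.target)
    vuln = vulns.get(alert.vuln_id)
    if host is None or vuln is None:
        return "unknown"  # no context to reason with
    # The vulnerability applies only if the host runs an affected product.
    return "confirmed" if host.products & vuln.affected_products else "invalidated"


def correlate(alerts, hosts, vulns, sensors):
    """Count verdicts and list (target, vuln_id) pairs confirmed by more than one sensor kind."""
    verdicts = {}
    kinds_seen = {}
    for alert in alerts:
        verdict = assess(alert, hosts, vulns, sensors)
        verdicts[verdict] = verdicts.get(verdict, 0) + 1
        if verdict == "confirmed":
            key = (alert.target, alert.vuln_id)
            kinds_seen.setdefault(key, set()).add(sensors[alert.sensor].kind)
    corroborated = sorted(k for k, kinds in kinds_seen.items() if len(kinds) > 1)
    return verdicts, corroborated


if __name__ == "__main__":
    counts, strong = correlate(ALERTS, HOSTS, VULNS, SENSORS)
    print("verdicts:", counts)
    print("corroborated by several sensor kinds:", strong)
```

The "unknown" verdict is deliberate: an alert from a sensor that does not cover the target, or about a host the model knows nothing about, is neither confirmed nor dismissed, since the gap is in the model rather than in the evidence. In practice the host and vulnerability inventories would come from asset management and a vulnerability scanner rather than from hard-coded tables.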
ACPI and SMI handlers: some limits to trusted computing
An original mechanism that attackers may use to alter the SMI handler is presented, and it is described how rogue functions triggered by an external stimulus can be injected into ACPI tables.
Policy-based intrusion detection in Web applications by monitoring Java information flows
JBlare is described, an inline Java monitor that tracks inter-method information flows in Java applications. It collaborates with Blare, a monitor that tracks information flow across the whole system at the OS level; together they constitute a policy-based intrusion detection system that can address a wide range of attacks.
ACPI: Design Principles and Concerns
This paper illustrates how the shift in the global power management model brought by ACPI introduces additional threats, especially for trusted platforms, by showing how rootkits can use ACPI to conceal some of their functions.