Intrusion Detection System (IDS) is a security technology that attempts to identify intrusions. Defending against multi-step intrusions which prepare for each other is a challenging task. In this paper, we propose a novel approach to alert post-processing and correlation, the Alerts Parser. Different from most other alert correlation methods, our approach…
This paper presents a game-theoretic method for analyzing the active defense of computer networks. We regard the interactions between an attacker and the defender as a two-player, non-cooperative, zero-sum, finite game and formulate an attack-defense game (ADG) model for the game. An optimal active defense strategy decision (OADSD) algorithm is developed…
Safaa O. Al-Mamory (Safaa_vb@yahoo.com) and Hong Li Zhang (zhl@pact518.hit.edu.cn), School of Computer Science, Harbin Institute of Technology, Harbin, China. Abstract: Intrusion alert correlation techniques correlate alerts into meaningful groups or attack scenarios for the ease to understand…
With the proliferation of hybrid clouds in both cost-saving and effectiveness, a growing number of users are building their own private cloud. However, private cloud can only provide limited resource, and always resorts to public cloud in order to meet elastic service requirements. Generally, public cloud is operated by commercial service providers (CSPs)…
Intrusion Detection Systems (IDSs) are one of the robust systems which can effectively detect penetrations and attacks. However, they generate a large number of alarms, most of which are false positives. Fortunately, there are reasons for triggering alarms where most of these reasons are not attacks. In this paper, a new approximation algorithm has been developed…
Network-based and distributed intrusion detection system is aroused by the burst-outs of large-scale abnormal events. How to place detection instruments is the key to the detections. The paper turned the problem of detector placement to that of the clustering of topology graph. A novel bidirectional hierarchical clustering algorithm is put forward, which…