[1]HAINES J, RYDER DK. Validation of sensor alert correlators [J]. IEEE Security & Privacy, 2003,1(1):46-56.
[2]KLIGER S, YEMINI S. A coding approach to event correlation [A]. Proceedings of 4th International Symposium on Integrated Network Management (IFIP/IEEE) [C]. Santa Barbara, CA, 1995.
[3]GRUSCHKE B. Integrated event management: event correlation using dependency graphs [A]. DSOM'98 [C], 1998.
[4]HASAN M, SUGLA B, VISWANATHAN R. A conceptual framework for network management event correlation and filtering systems [A]. Proceedings of the Sixth IFIP/IEEE International Symposium on Integrated Management [C], 1999.
[5]LIU G, MOK AK, YANG EJ. Composite event for network event correlation [A]. Proceedings of IM'99 [C], 1999.
[6]OHSIE D, MAYER A, KLIGER S. Event modeling with the MODEL language: A tutorial introduction [EB/OL]. http://www.smarts.com/resources/code_tpapers_model.pdf, 2004-12.
[7]CUPPENS F, MIEGE A. Alert correlation in a cooperative intrusion detection framework [A]. Proceedings of the 2002 IEEE Symposium on Security and Privacy [C], 2002.
[8]GULA R. Correlating IDS alerts with vulnerability information [EB/OL]. http://www.tenablesecurity.com/white_papers/va-ids.pdf, 2004-12.
[9]DEBAR H, WESPI A. Aggregation and Correlation of Intrusion-Detection Alerts [A]. RAID 2001, LNCS 2212 [C], 2001. 85-103.
[10]LEE W, STOLFO SJ. A framework for constructing features and models for intrusion detection systems [J]. ACM Transactions on information and system security, 2000,3(4):227-261.
[11]STOLFO SJ, LEE W. Data mining-based intrusion detectors: An overview of the Columbia IDS project [J]. SIGMOD Record, 2001,30(4):5-14.
[12]LEE W, STOLFO SJ. Real time data mining-based intrusion detection [A]. Proceedings of DISCEX II [C], 2001.
[13]LOCASTO ME, PAREKH JJ, STOLFO S. CUCS-012-04, Collaborative distributed intrusion detection [R], 2004.