
A Mission-Impact-Based Approach to INFOSEC Alarm Correlation
 by Martin Fong, Phillip Porras & Alfonso Valdes.

From Lecture Notes in Computer Science, Proceedings Recent Advances in Intrusion Detection.
Zurich, Switzerland.
October 2002.
Pages 95–114.


Abstract
We describe a mission-impact-based approach to the analysis of security alerts produced by spatially distributed heterogeneous information security (INFOSEC) devices, such as firewalls, intrusion detection systems, authentication services, and antivirus software. The intent of this work is to deliver an automated capability to reduce the time and cost of managing multiple INFOSEC devices through a strategy of topology analysis, alert prioritization, and common attribute-based alert aggregation. Our efforts to date have led to the development of a prototype system called the Mission Impact Intrusion Report Correlation System, or M-Correlator. M-Correlator is intended to provide analysts (at all experience levels) a powerful capability to automatically fuse together and isolate those INFOSEC alerts that represent the greatest threat to the health and security of their networks.
BibTEX Entry
@InProceedings{MCorrelator,
    AUTHOR = {Phillip {A.} Porras and Martin {W.} Fong and Alfonso Valdes},
    TITLE = {{A} Mission-Impact-Based Approach to {INFOSEC} Alarm Correlation},
    YEAR = {2002},
    PAGES = {95-114},
    MONTH = {October},
    ADDRESS = {Zurich, Switzerland},
    URL = {http://www.csl.sri.com/papers/mcorrelator/},
    BOOKTITLE = {Lecture Notes in Computer Science, Proceedings Recent Advances in Intrusion Detection},
    KEYWORDS = {Network security, sensor correlation, alert management, mission-impact, security policy}
}