  • DocumentCode
    3396958
  • Title
    Scyllarus intrusion detection report correlator and analyzer
  • Author
    Heimerdinger, Walt
  • Author_Institution
    Honeywell ACS Labs., Minneapolis, MN, USA
  • Volume
    2
  • fYear
    2003
  • fDate
    22-24 April 2003
  • Firstpage
    24
  • Abstract
    Scyllarus is technology developed in the Argus project, part of the DARPA Cyber Panel program. Scyllarus uses a dynamic evidence aggregator (DEA) to combine results from multiple intrusion detectors to reduce the false alarm rate and decrease the time required to detect an intrusion. This technology includes Bayesian estimation networks and a calculus based on qualitative probability. The DEA relies upon a knowledge base called the Intrusion Reference Model, containing information about the protected network, its configuration, installed intrusion detection systems (IDSs), and related security goals.
  • Keywords
    belief networks; computer networks; knowledge based systems; military computing; security of data; telecommunication security; Argus project; Bayesian estimation networks; DARPA Cyber Panel program; Intrusion Detection Systems; Intrusion Reference Model; Scyllarus; complex computer network; dynamic evidence aggregator; false alarm rate; hostile activity; intrusion detection report correlator; knowledge base; multiple intrusion detectors; protected network; qualitative probability; security goals; Citation analysis; Computer displays; Computerized monitoring; Condition monitoring; Correlators; Event detection; Information analysis; Information filtering; Information filters; Intrusion detection;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    DARPA Information Survivability Conference and Exposition, 2003. Proceedings
  • Print_ISBN
    0-7695-1897-4
  • Type
    conf
  • DOI
    10.1109/DISCEX.2003.1194903
  • Filename
    1194903