DocumentCode
3396958
Title
Scyllarus intrusion detection report correlator and analyzer
Author
Heimerdinger, Walt
Author_Institution
Honeywell ACS Labs., Minneapolis, MN, USA
Volume
2
fYear
2003
fDate
22-24 April 2003
Firstpage
24
Abstract
Scyllarus is technology developed in the Argus project, part of the DARPA Cyber Panel program. Scyllarus uses a dynamic evidence aggregator (DEA) to combine results from multiple intrusion detectors to reduce the false alarm rate and decrease the time required to detect an intrusion. This technology includes Bayesian estimation networks and a calculus based on qualitative probability. The DEA relies upon a knowledge base called the Intrusion Reference Model, containing information about the protected network, its configuration, installed intrusion detection systems (IDSs), and related security goals.
Keywords
belief networks; computer networks; knowledge based systems; military computing; security of data; telecommunication security; Argus project; Bayesian estimation networks; DARPA Cyber Panel program; Intrusion Detection Systems; Intrusion Reference Model; Scyllarus; complex computer network; dynamic evidence aggregator; false alarm rate; hostile activity; intrusion detection report correlator; knowledge base; multiple intrusion detectors; protected network; qualitative probability; security goals; Citation analysis; Computer displays; Computerized monitoring; Condition monitoring; Correlators; Event detection; Information analysis; Information filtering; Information filters; Intrusion detection;
fLanguage
English
Publisher
IEEE
Conference_Titel
DARPA Information Survivability Conference and Exposition, 2003. Proceedings
Print_ISBN
0-7695-1897-4
Type
conf
DOI
10.1109/DISCEX.2003.1194903
Filename
1194903