Title :
Scyllarus intrusion detection report correlator and analyzer
Author :
Heimerdinger, Walt
Author_Institution :
Honeywell ACS Labs., Minneapolis, MN, USA
Abstract :
Scyllarus is technology developed in the Argus project, part of the DARPA Cyber Panel program. Scyllarus uses a dynamic evidence aggregator (DEA) to combine results from multiple intrusion detectors to reduce the false alarm rate and decrease the time required to detect an intrusion. This technology includes Bayesian estimation networks and a calculus based on qualitative probability. The DEA relies upon a knowledge base called the Intrusion Reference Model, containing information about the protected network, its configuration, installed intrusion detection systems (IDSs), and related security goals.
Keywords :
belief networks; computer networks; knowledge based systems; military computing; security of data; telecommunication security; Argus project; Bayesian estimation networks; DARPA Cyber Panel program; Intrusion Detection Systems; Intrusion Reference Model; Scyllarus; complex computer network; dynamic evidence aggregator; false alarm rate; hostile activity; intrusion detection report correlator; knowledge base; multiple intrusion detectors; protected network; qualitative probability; security goals; Citation analysis; Computer displays; Computerized monitoring; Condition monitoring; Correlators; Event detection; Information analysis; Information filtering; Information filters; Intrusion detection;
Conference_Title :
DARPA Information Survivability Conference and Exposition, 2003. Proceedings
Print_ISBN :
0-7695-1897-4
DOI :
10.1109/DISCEX.2003.1194903