FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W2189476992> ?p ?o ?g. }

• W2189476992 abstract "Although network intrusion detection systems (IDSs) have been studied for several years, their operators are still overwhelmed by a large number of false-positive alerts. In this work we study the following problem: from a large archive of intrusion alerts collected in a production network, we want to detect with a small number of false positives hosts within the network that have been infected by malware. Solving this problem is essential not only for reducing the falsepositive rate of IDSs, but also for labeling traces collected in the wild with information about validated security incidents. We use a 9-month long dataset of IDS alerts and we first build a novel heuristic to detect infected hosts from the on average 3 million alerts we observe per day. Our heuristic uses a statistical measure to find hosts that exhibit a repeated multi-stage malicious footprint involving specific classes of alerts. A significant part of our work is devoted to the validation of our heuristic. We conduct a complex experiment to assess the security of suspected infected systems in a production environment using data from several independent sources, including intrusion alerts, blacklists, host scanning logs, vulnerability reports, and search engine queries. We find that the false positive rate of our heuristic is 15% and analyze in-depth the root causes of the false positives. Having validated our heuristic, we apply it to our entire trace, and characterize various important properties of 9 thousand infected hosts in total. For example, we find that among the infected hosts, a small number of heavy hitters originate most outbound attacks and that future infections are more likely to occur close to already infected hosts." @default.
• W2189476992 created "2016-06-24" @default.
• W2189476992 creator A5043655606 @default.
• W2189476992 creator A5080514654 @default.
• W2189476992 date "2011-01-01" @default.
• W2189476992 modified "2023-09-27" @default.
• W2189476992 title "Detecting, Validating and Characterizing C omputer Infections in the Wild" @default.
• W2189476992 cites W1495304983 @default.
• W2189476992 cites W1498585374 @default.
• W2189476992 cites W1506124881 @default.
• W2189476992 cites W1515180657 @default.
• W2189476992 cites W1554596310 @default.
• W2189476992 cites W1556507321 @default.
• W2189476992 cites W1587979610 @default.
• W2189476992 cites W1591333027 @default.
• W2189476992 cites W1602380388 @default.
• W2189476992 cites W1621186777 @default.
• W2189476992 cites W177666592 @default.
• W2189476992 cites W1968519345 @default.
• W2189476992 cites W1999427165 @default.
• W2189476992 cites W1999448603 @default.
• W2189476992 cites W2016559036 @default.
• W2189476992 cites W2044384431 @default.
• W2189476992 cites W2096030967 @default.
• W2189476992 cites W2099321136 @default.
• W2189476992 cites W2100846830 @default.
• W2189476992 cites W2108513376 @default.
• W2189476992 cites W2108867737 @default.
• W2189476992 cites W2128116119 @default.
• W2189476992 cites W2136561182 @default.
• W2189476992 cites W2136695760 @default.
• W2189476992 cites W2137928260 @default.
• W2189476992 cites W2141200504 @default.
• W2189476992 cites W2142595254 @default.
• W2189476992 cites W2161830378 @default.
• W2189476992 cites W2163034159 @default.
• W2189476992 hasPublicationYear "2011" @default.
• W2189476992 type Work @default.
• W2189476992 sameAs 2189476992 @default.
• W2189476992 citedByCount "0" @default.
• W2189476992 crossrefType "journal-article" @default.
• W2189476992 hasAuthorship W2189476992A5043655606 @default.
• W2189476992 hasAuthorship W2189476992A5080514654 @default.
• W2189476992 hasConcept C111919701 @default.
• W2189476992 hasConcept C119857082 @default.
• W2189476992 hasConcept C124101348 @default.
• W2189476992 hasConcept C126831891 @default.
• W2189476992 hasConcept C127705205 @default.
• W2189476992 hasConcept C132943942 @default.
• W2189476992 hasConcept C154945302 @default.
• W2189476992 hasConcept C166957645 @default.
• W2189476992 hasConcept C173801870 @default.
• W2189476992 hasConcept C182590292 @default.
• W2189476992 hasConcept C18903297 @default.
• W2189476992 hasConcept C205649164 @default.
• W2189476992 hasConcept C35525427 @default.
• W2189476992 hasConcept C38652104 @default.
• W2189476992 hasConcept C41008148 @default.
• W2189476992 hasConcept C541664917 @default.
• W2189476992 hasConcept C64869954 @default.
• W2189476992 hasConcept C86803240 @default.
• W2189476992 hasConcept C95713431 @default.
• W2189476992 hasConcept C95922358 @default.
• W2189476992 hasConceptScore W2189476992C111919701 @default.
• W2189476992 hasConceptScore W2189476992C119857082 @default.
• W2189476992 hasConceptScore W2189476992C124101348 @default.
• W2189476992 hasConceptScore W2189476992C126831891 @default.
• W2189476992 hasConceptScore W2189476992C127705205 @default.
• W2189476992 hasConceptScore W2189476992C132943942 @default.
• W2189476992 hasConceptScore W2189476992C154945302 @default.
• W2189476992 hasConceptScore W2189476992C166957645 @default.
• W2189476992 hasConceptScore W2189476992C173801870 @default.
• W2189476992 hasConceptScore W2189476992C182590292 @default.
• W2189476992 hasConceptScore W2189476992C18903297 @default.
• W2189476992 hasConceptScore W2189476992C205649164 @default.
• W2189476992 hasConceptScore W2189476992C35525427 @default.
• W2189476992 hasConceptScore W2189476992C38652104 @default.
• W2189476992 hasConceptScore W2189476992C41008148 @default.
• W2189476992 hasConceptScore W2189476992C541664917 @default.
• W2189476992 hasConceptScore W2189476992C64869954 @default.
• W2189476992 hasConceptScore W2189476992C86803240 @default.
• W2189476992 hasConceptScore W2189476992C95713431 @default.
• W2189476992 hasConceptScore W2189476992C95922358 @default.
• W2189476992 hasLocation W21894769921 @default.
• W2189476992 hasOpenAccess W2189476992 @default.
• W2189476992 hasPrimaryLocation W21894769921 @default.
• W2189476992 hasRelatedWork W1510326104 @default.
• W2189476992 hasRelatedWork W1512105866 @default.
• W2189476992 hasRelatedWork W1551705282 @default.
• W2189476992 hasRelatedWork W1983776999 @default.
• W2189476992 hasRelatedWork W2024930518 @default.
• W2189476992 hasRelatedWork W2044384431 @default.
• W2189476992 hasRelatedWork W2115967611 @default.
• W2189476992 hasRelatedWork W2128820079 @default.
• W2189476992 hasRelatedWork W2157949690 @default.
• W2189476992 hasRelatedWork W2350176198 @default.
• W2189476992 hasRelatedWork W2784291098 @default.
• W2189476992 hasRelatedWork W2794460302 @default.
• W2189476992 hasRelatedWork W2904885747 @default.
• W2189476992 hasRelatedWork W2913857451 @default.

• next