{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T00:49:44Z","timestamp":1740098984934,"version":"3.37.3"},"publisher-location":"Cham","reference-count":37,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319681788"},{"type":"electronic","value":"9783319681795"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-68179-5_56","type":"book-chapter","created":{"date-parts":[[2017,11,7]],"date-time":"2017-11-07T06:04:13Z","timestamp":1510034653000},"page":"641-655","source":"Crossref","is-referenced-by-count":0,"title":["Risk Assessment and Alert Prioritization for Intrusion Detection Systems"],"prefix":"10.1007","author":[{"given":"El Mostapha","family":"Chakir","sequence":"first","affiliation":[]},{"given":"Mohamed","family":"Moughit","sequence":"additional","affiliation":[]},{"given":"Youness Idrissi","family":"Khamlichi","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,11,8]]},"reference":[{"issue":"1","key":"56_CR1","doi-asserted-by":"crossref","first-page":"124","DOI":"10.1016\/j.cose.2009.06.008","volume":"29","author":"CV Zhou","year":"2010","unstructured":"Zhou, C.V., Leckie, C., Karunasekera, S.: A survey of coordinated attacks and collaborative intrusion detection. Comput. Secur. 29(1), 124\u2013140 (2010)","journal-title":"Comput. Secur."},{"key":"56_CR2","doi-asserted-by":"crossref","unstructured":"Jahnke, M., Thul, C., Martini, P.: Graph-based metrics for intrusion response measures in computer networks. In: Proceedings of the 3rd LCN Workshop on Network Security. Held in conjunction with the 32nd IEEE Conference on Local Computer Networks (LCN), Dublin, Ireland, pp. 1035\u20131042 (2007)","DOI":"10.1109\/LCN.2007.45"},{"key":"56_CR3","doi-asserted-by":"crossref","unstructured":"Kanoun, W., Cuppens-Boulahia, N., Cuppens, F., Araujo, J.: Automated reaction based on risk analysis and attacker\u2019s skills in intrusion detection systems. In: Third International Conference on Risks and Security of Internet and Systems, pp. 117\u2013124 (2008)","DOI":"10.1109\/CRISIS.2008.4757471"},{"key":"56_CR4","doi-asserted-by":"crossref","unstructured":"Mu, C.P., Li, X.J., Huang, H.K., Tian, S.F.: Online risk assessment of intrusion scenarios using D-S evidence theory. In: Proceedings of the 13th European Symposium on Research in Computer Security, Malaga, Spain, pp. 35\u201348 (2008)","DOI":"10.1007\/978-3-540-88313-5_3"},{"key":"56_CR5","doi-asserted-by":"crossref","unstructured":"Gehani, A., Kedem, G.: Rheostat: real-time risk management. In: 7th International Symposium on Recent Advances in Intrusion Detection, (RAID 2004), France, pp. 296\u2013314 (2004)","DOI":"10.1007\/978-3-540-30143-1_16"},{"key":"56_CR6","doi-asserted-by":"crossref","unstructured":"Scarfone, K., Mell, P.: Guide to intrusion detection and prevention systems. Technical report, NIST: National Institute of Standards and Technology, U.S. Department of Commerce (2007)","DOI":"10.6028\/NIST.SP.800-94"},{"issue":"3","key":"56_CR7","doi-asserted-by":"crossref","first-page":"169","DOI":"10.1016\/j.cose.2005.09.004","volume":"25","author":"S Lee","year":"2006","unstructured":"Lee, S., Chung, B., Kim, H., Lee, Y., Park, C., Yoon, H.: Real-time analysis of intrusion detection alerts via correlation. Comput. Secur. 25(3), 169\u2013183 (2006)","journal-title":"Comput. Secur."},{"key":"56_CR8","doi-asserted-by":"crossref","unstructured":"Anuar, N.B., Sallehudin, H., Gani, A., Zakaria, O.: Identifying false alarm for network intrusion detection system using hybrid data mining and decision tree. Malays. J. Comput. Sci., 110\u2013115 (2008). ISSN 0127-9084","DOI":"10.22452\/mjcs.vol21no2.3"},{"key":"56_CR9","doi-asserted-by":"crossref","unstructured":"Lazarevic, A., Ertz, L., Kumar, V., Ozgur, A., Srivastava, J.: A comparative study of anomaly detection schemes in network intrusion detection. In: Proceedings of the Third SIAM International Conference on Data Mining (2003)","DOI":"10.1137\/1.9781611972733.3"},{"issue":"1","key":"56_CR10","first-page":"88","volume":"5","author":"F Xiao","year":"2010","unstructured":"Xiao, F., Jin, S., Li, X.: A novel data mining-based method for alert reduction and analysis. J. Netw. 5(1), 88\u201397 (2010)","journal-title":"J. Netw."},{"issue":"1","key":"56_CR11","first-page":"60","volume":"2","author":"AO Adetunmbi","year":"2008","unstructured":"Adetunmbi, A.O., Falaki, S.O., Adewale, O.S., Alese, B.K.: Network intrusion detection based on rough set and k-nearest neighbour. Int. J. Comput. ICT Res. 2(1), 60\u201366 (2008)","journal-title":"Int. J. Comput. ICT Res."},{"key":"56_CR12","volume-title":"Data Mining: Concepts and Techniques","author":"J Han","year":"2006","unstructured":"Han, J., Kamber, M.: Data Mining: Concepts and Techniques, 2nd edn. Elsevier, San Francisco (2006)","edition":"2"},{"key":"56_CR13","doi-asserted-by":"crossref","unstructured":"Stakhanova, N., Basu, S., Wong, J.: A cost-sensitive model for preemptive intrusion response systems. In: Proceedings of the 21st International Conference on Advanced Networking and Applications, pp. 428\u2013435. IEEE Computer Society, Washington, DC (2007)","DOI":"10.1109\/AINA.2007.9"},{"key":"56_CR14","unstructured":"Foo, B., Wu, Y.S., Mao, Y.C., Bagchi, S., Spafford, E.: ADEPTS: adaptive intrusion response using attack graphs in an e-commerce environment. In: International Conference on Dependable Systems and Networks, pp. 508\u2013517 (2005)"},{"key":"56_CR15","doi-asserted-by":"crossref","unstructured":"Wang, L., Islam, T., Long, T., Singhal, A., Jajodia, S.: An attack graph-based probabilistic security metric. In: Proceedings of the 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSEC08) (2008)","DOI":"10.1007\/978-3-540-70567-3_22"},{"key":"56_CR16","doi-asserted-by":"crossref","unstructured":"Noel, S., Jajodia, S.: Understanding complex network attack graphs through clustered adjacency matrices. In: Proceedings of the 21st Annual Computer Security Conference (ACSAC), pp. 160\u2013169 (2005)","DOI":"10.1109\/CSAC.2005.58"},{"issue":"15","key":"56_CR17","doi-asserted-by":"crossref","first-page":"2917","DOI":"10.1016\/j.comcom.2006.04.001","volume":"29","author":"L Wang","year":"2006","unstructured":"Wang, L., Liu, A., Jajodia, S.: Using attack graph for correlating, hypothesizing, and predicting intrusion alerts. Comput. Commun. 29(15), 2917\u20132933 (2006)","journal-title":"Comput. Commun."},{"key":"56_CR18","doi-asserted-by":"crossref","unstructured":"Kheir, N., Cuppens-Boulahia, N., Cuppens, F., Debar, H.: A service dependency model for cost sensitive intrusion response. In: Proceedings of the 15th European Conference on Research in Computer Security, pp. 626\u2013642 (2010)","DOI":"10.1007\/978-3-642-15497-3_38"},{"key":"56_CR19","doi-asserted-by":"crossref","unstructured":"Cuppens, F., Ortalo, R.: Lambda: a language to model a database for detection of attacks. In: Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection (RAID 2000), pp. 197\u2013216, Toulouse, France (2000)","DOI":"10.1007\/3-540-39945-3_13"},{"key":"56_CR20","doi-asserted-by":"crossref","first-page":"158","DOI":"10.1016\/j.cose.2012.09.013","volume":"32","author":"S Wang","year":"2013","unstructured":"Wang, S., Zhang, Z., Kadobayashi, Y.: Exploring attack graph for cost-benefit security hardening: a probabilistic approach. Comput. Secur. 32, 158\u2013169 (2013)","journal-title":"Comput. Secur."},{"key":"56_CR21","doi-asserted-by":"crossref","unstructured":"Toth,T., Kregel, C.: Evaluating the impact of automated intrusion response mechanisms. In: Proceedings of the 18th Annual Computer Security Applications Conference, Los Alamitos, USA (2002)","DOI":"10.1109\/CSAC.2002.1176302"},{"key":"56_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"388","DOI":"10.1007\/11596981_57","volume-title":"Computational Intelligence and Security","author":"A \u00c5rnes","year":"2005","unstructured":"\u00c5rnes, A., Sallhammar, K., Haslum, K., Brekne, T., Moe, M.E.G., Knapskog, S.J.: Real-time risk assessment with network sensors and intrusion detection systems. In: Hao, Y., Liu, J., Wang, Y.-P., Cheung, Y.-m., Yin, H., Jiao, L., Ma, J., Jiao, Y.-C. (eds.) CIS 2005. LNCS, vol. 3802, pp. 388\u2013397. Springer, Heidelberg (2005). doi: 10.1007\/11596981_57"},{"key":"56_CR23","doi-asserted-by":"crossref","unstructured":"Haslum, K., Abraham, A., Knapskog, S.: Fuzzy online risk assessment for distributed intrusion prediction and prevention systems. In: Tenth International Conference on Computer Modeling and Simulation, pp. 216\u2013223. IEEE Computer Society Press, Cambridge (2008)","DOI":"10.1109\/UKSIM.2008.30"},{"key":"56_CR24","unstructured":"Chakir, E., Youness, I.K., Moughit, M.: False positives reduction in intrusion detection systems using alert correlation and datamining techniques. In: IJARCSSE, vol. 5, Issue 4 (2015). ISSN 2277 128X"},{"issue":"1","key":"56_CR25","first-page":"247","volume":"29","author":"CC Lo","year":"2012","unstructured":"Lo, C.C., Chen, W.J.: A hybrid information security risk assessment procedure considering interdependences between controls. Expert Syst. Appl. 29(1), 247\u2013257 (2012)","journal-title":"Expert Syst. Appl."},{"key":"56_CR26","doi-asserted-by":"crossref","unstructured":"Clifton, C., Gengo, G.: Developing custom intrusion detection filters using data mining. In: 21st Century Military Communications Conference Proceedings, MILCOM 2000 (2000)","DOI":"10.1109\/MILCOM.2000.904991"},{"key":"56_CR27","doi-asserted-by":"crossref","first-page":"251","DOI":"10.3233\/IDA-2010-0466","volume":"15","author":"V Engen","year":"2011","unstructured":"Engen, V., Vincent, J., Phalp, K.: Exploring discrepancies in findings obtained with the KDD Cup 99 data set. Intell. Data Anal. 15, 251\u2013276 (2011)","journal-title":"Intell. Data Anal."},{"key":"56_CR28","unstructured":"The Snort Project, Snort user\u2019s manual 3 (2016)"},{"key":"56_CR29","doi-asserted-by":"crossref","unstructured":"Chakir, E., Khamlichi, Y.I., Moughit, M.: Handling alert for intrusion detection system using stateful pattern matching. In: Proceedings of the 4th IEEE International Colloquium on Information Science and Technology (CiSt 2016), pp. 139\u2013144 (2016)","DOI":"10.1109\/CIST.2016.7805031"},{"key":"56_CR30","doi-asserted-by":"crossref","unstructured":"Shameli-Sendi, A., et al.: Taxonomy of Intrusion Risk Assessment and Response System, vol. 45, pp. 1\u201316. Elsevier, September 2014","DOI":"10.1016\/j.cose.2014.04.009"},{"key":"56_CR31","unstructured":"Debar, H., Curry, D., Feinstein, B.: The Intrusion Detection Message Exchange Format (IDMEF). http:\/\/www.ietf.org\/rfc\/rfc4765.txt"},{"key":"56_CR32","doi-asserted-by":"crossref","unstructured":"Porras, P.A., Fong, M.W., Valdes, A.: A mission-impact-based approach to INFOSEC alarm correlation. In: Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID 2002), pp. 95\u2013114 (2002)","DOI":"10.1007\/3-540-36084-0_6"},{"key":"56_CR33","doi-asserted-by":"crossref","unstructured":"Yu, J., et al.: TRINETR: an intrusion detection alert management system. In: WETICE 2004 (Washington, DC, USA) (2004)","DOI":"10.1109\/ENABL.2004.76"},{"key":"56_CR34","doi-asserted-by":"crossref","unstructured":"Qin, X., Lee, W.: Statistical causality analysis of infosec alert data. In: RAID, pp. 73\u201393 (2003)","DOI":"10.1007\/978-3-540-45248-5_5"},{"key":"56_CR35","doi-asserted-by":"crossref","unstructured":"Alsubhi, K., et al.: Alert prioritization in Intrusion detection systems. In: IEEE Xplore Conference: Network Operations and Management Symposium (2008)","DOI":"10.1109\/NOMS.2008.4575114"},{"key":"56_CR36","unstructured":"Anuar, N.B., Furnell, S., Papadaki, M., Clarke, N.: A risk index model for security incident prioritization. In: Originally published in the Proceedings of the 9th Australian Information Security Management Conference, Edith Cowan University, Perth, Western Australia, 5th\u20137th December 2011"},{"key":"56_CR37","doi-asserted-by":"crossref","unstructured":"Dondo, M.G.: A vulnerability prioritization system using a fuzzy risk analysis approach. In: Proceedings of the 23rd International Information Security Conference, Milano, Italy, pp. 525\u2013539 (2008)","DOI":"10.1007\/978-0-387-09699-5_34"}],"container-title":["Lecture Notes in Computer Science","Ubiquitous Networking"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-68179-5_56","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,5]],"date-time":"2019-10-05T15:04:37Z","timestamp":1570287877000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-68179-5_56"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319681788","9783319681795"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-68179-5_56","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]}}}