% Conference paper from IEEE GLOBECOM 2010 on security event detection and
% identification: events are represented as correlation networks and matched
% by graph similarity rather than by rule-based or statistical profiles
% (keywords file it under intrusion detection).
% The abstract is the authors' own text; its performance claims rest on the
% simulation and experimental results it mentions, with no data sets named there.
% The conference dates in the note field read as day-month-year
% (6 to 10 December 2010), not month-day.
@inproceedings{054be60558b94d8eaad196146234c9e2,
  author    = {Wu, Qishi and Gu, Yi and Cui, Xiaohui and Moka, Praneeth and Lin, Yunyue},
  title     = {A graph similarity-based approach to security event analysis using correlation techniques},
  booktitle = {2010 IEEE Global Telecommunications Conference, GLOBECOM 2010},
  series    = {GLOBECOM - IEEE Global Telecommunications Conference},
  year      = {2010},
  doi       = {10.1109/GLOCOM.2010.5683648},
  isbn      = {9781424456383},
  language  = {English (US)},
  keywords  = {Correlation, Graph similarity, Intrusion detection, Random matrix theory},
  abstract  = {Detecting and identifying security events to provide cyber situation awareness has become an increasingly important task within the network research and development community. We propose a graph similarity-based approach to event detection and identification that integrates a number of techniques to collect time-varying situation information, extract correlations between event attributes, and characterize and identify security events. Diverging from the traditional rule- or statistical-based pattern matching techniques, the proposed mechanism represents security events in a graphical form of correlation networks and identifies security events through the computation of graph similarity measurements to eliminate the need for constructing user or system profiles. These technical components take fundamentally different approaches from traditional empirical or statistical methods and are designed based on rigorous computational analysis with mathematically proven performance guarantee. The performance superiority of the proposed mechanism is demonstrated by extensive simulation and experimental results.},
  note      = {53rd IEEE Global Communications Conference, GLOBECOM 2010 ; Conference date: 06-12-2010 Through 10-12-2010},
}