TY  - JOUR
A1  - Roschke, Sebastian
A1  - Cheng, Feng
A1  - Meinel, Christoph
T1  - High-quality attack graph-based IDS correlation
JF  - Logic journal of the IGPL
N2  - Intrusion Detection Systems are widely deployed in computer networks. As modern attacks are getting more sophisticated and the number of sensors and network nodes grows, the problem of false positives and alert analysis becomes more difficult to solve. Alert correlation was proposed to analyse alerts and to decrease false positives. Knowledge about the target system or environment is usually necessary for efficient alert correlation. For representing the environment information as well as potential exploits, the existing vulnerabilities and their Attack Graph (AG) is used. It is useful for networks to generate an AG and to organize certain vulnerabilities in a reasonable way. In this article, a correlation algorithm based on AGs is designed that is capable of detecting multiple attack scenarios for forensic analysis. It can be parameterized to adjust the robustness and accuracy. A formal model of the algorithm is presented and an implementation is tested to analyse the different parameters on a real set of alerts from a local network. To improve the speed of the algorithm, a multi-core version is proposed and an HMM-supported version can be used to further improve the quality. The parallel implementation is tested on a multi-core correlation platform, using CPUs and GPUs.
KW  - Correlation
KW  - attack graph
KW  - HMM
KW  - multi-core
KW  - IDS
Y1  - 2013
U6  - https://doi.org/10.1093/jigpal/jzs034
SN  - 1367-0751
VL  - 21
IS  - 4
SP  - 571
EP  - 591
PB  - Oxford Univ. Press
CY  - Oxford
ER  -

TY  - JOUR
A1  - Momtazi, Saeedeh
A1  - Naumann, Felix
T1  - Topic modeling for expert finding using latent Dirichlet allocation
JF  - Wiley interdisciplinary reviews : Data mining and knowledge discovery
N2  - The task of expert finding is to rank the experts in the search space given a field of expertise as an input query. In this paper, we propose a topic modeling approach for this task. The proposed model uses latent Dirichlet allocation (LDA) to induce probabilistic topics. In the first step of our algorithm, the main topics of a document collection are extracted using LDA. The extracted topics present the connection between expert candidates and user queries. In the second step, the topics are used as a bridge to find the probability of selecting each candidate for a given query. The candidates are then ranked based on these probabilities. The experimental results on the Text REtrieval Conference (TREC) Enterprise track for 2005 and 2006 show that the proposed topic-based approach outperforms the state-of-the-art profile- and document-based models, which use information retrieval methods to rank experts. Moreover, we present the superiority of the proposed topic-based approach to the improved document-based expert finding systems, which consider additional information such as local context, candidate prior, and query expansion.
Y1  - 2013
U6  - https://doi.org/10.1002/widm.1102
SN  - 1942-4787
VL  - 3
IS  - 5
SP  - 346
EP  - 353
PB  - Wiley
CY  - San Francisco
ER  -