
Paper:

Write two pages on each of the two topics below, supported by technical work (with screenshots):

1. Auto-Correlation of IDS Alerts. Intrusion detection systems (IDSs) have been important in
reporting anticipated attacks, providing the information needed to avoid potentially harmful
threats. However, it has been noticed that some of the alerts raised by IDSs are occasionally false, and that
attacks may be missed after a threat has been reported. It is therefore necessary to develop alternative,
complementary systems that can give prompt alerts in case an IDS fails to report a critical attack in time.
Because alert formats differ, standard formats were suggested, such as the Intrusion Detection
Message Exchange Format (IDMEF). Researchers have been suggesting ways
to deal with the large number of heterogeneous, inaccurate, and useless alerts to make the security
administrator's job easier. Aggregating and grouping related alerts is one solution [2].

2. Malware Analysis for Detecting Cyber-threats in the UAE. Malware is a kind of malicious software
that is used for conducting illegitimate and malicious activities over the Internet. Most cyber-attacks
exploit the existing IP addressing and DNS systems to target victim machines. The goal of this project
is to help in the detection and prediction of cyber-attacks by relying on data mining and machine learning
techniques to calculate the reputation of IP addresses and IP domains. The gathered cyber intelligence
will be used to provide recommendations to UAE financial institutions, law enforcement agencies, and
Internet Service Providers. Such recommendations could play an important role in the protection of the
UAE's national cyber infrastructure against hostile cyber activities.

List all the citations referenced in your paper (6). You will lose 2 points for each missing or dangling
reference (i.e., a reference not cited in the main text).
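
For topic 1, one way to aggregate alerts from sensors with different formats, as an added example that is not part of the original assignment. The two sensor formats and the sample alerts are constructed, the record field names loosely follow IDMEF's Alert classes, and the 60-second fusion window is an assumption.

```python
import json
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(seconds=60)  # assumed fusion window

# Constructed sample alerts in two hypothetical sensor formats.
SENSOR_A = """\
2024-05-01T10:00:00Z|10.0.0.5|192.0.2.10|SSH brute force
2024-05-01T10:00:20Z|10.0.0.5|192.0.2.10|SSH brute force
2024-05-01T10:05:00Z|10.0.0.5|192.0.2.10|SSH brute force"""
SENSOR_B = """\
{"ts": 1714557630, "src": "10.0.0.5", "dst": "192.0.2.10", "sig": "ssh brute force"}
{"ts": 1714557640, "src": "10.0.0.9", "dst": "192.0.2.10", "sig": "Port scan"}"""

def record(when, src, dst, name, analyzer):
    """Common alert record shared by every sensor after normalization."""
    return {"create_time": when, "source": src, "target": dst,
            "classification": name.strip().lower(), "analyzer": analyzer}

def normalize_a(line):
    ts, src, dst, name = line.split("|")
    when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return record(when, src, dst, name, "A")

def normalize_b(line):
    rec = json.loads(line)
    when = datetime.fromtimestamp(rec["ts"], tz=timezone.utc)
    return record(when, rec["src"], rec["dst"], rec["sig"], "B")

def aggregate(alerts, window=WINDOW):
    """Fuse alerts with the same source, target and classification when each
    arrives within `window` of the previous alert in its group."""
    latest, groups = {}, []
    for a in sorted(alerts, key=lambda a: a["create_time"]):
        key = (a["source"], a["target"], a["classification"])
        g = latest.get(key)
        if g is None or a["create_time"] - g["last"] > window:
            g = {"key": key, "first": a["create_time"], "count": 0, "analyzers": set()}
            latest[key] = g
            groups.append(g)
        g["last"] = a["create_time"]
        g["count"] += 1
        g["analyzers"].add(a["analyzer"])
    return groups

def load_sample():
    return ([normalize_a(l) for l in SENSOR_A.splitlines()]
            + [normalize_b(l) for l in SENSOR_B.splitlines()])

if __name__ == "__main__":
    for g in aggregate(load_sample()):
        print(g["count"], sorted(g["analyzers"]), g["key"], g["first"], g["last"])
```

The five raw alerts collapse into three meta-alerts; the late SSH alert stays separate because it falls outside the window.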

CIT 515
Project

References

[1] Yu, J., Xue, Y., Li, J. Memory Efficient String Matching Algorithm for Network Intrusion Management System (2007) Tsinghua
Science and Technology, 12 (5), pp. 585-593.
http://discovery.csc.ncsu.edu/~pning/Courses/csc774-S08/presentations/7_PRECIP_towards_practical.pdf
[2] Valeur, F.; Vigna, Giovanni; Kruegel, C.; Kemmerer, R.A, "Comprehensive approach to intrusion detection alert correlation,"
Dependable and Secure Computing, IEEE Transactions on, vol.1, no.3, pp.146,169, July-Sept. 2004 doi: 10.1109/TDSC.2004.21
https://escholarship.org/uc/item/3r33v62n.pdf
[3] Roxana Geambasu, Tadayoshi Kohno, Amit Levy, Henry M. Levy. Vanish: Increasing Data Privacy with Self-Destructing Data. In
Proceedings of the USENIX Security Symposium, Montreal, Canada, August
2009. http://vanish.cs.washington.edu/pubs/usenixsec09-geambasu.pdf
[4] B. Waters, A. Juels, J. Halderman, and E. Felten, "New Client Puzzle Outsourcing Techniques for DoS Resistance." In Proceedings of
the 11th ACM Conference on Computer and Communications Security (CCS '04), 246-256. Wireless Security
http://www.just.edu.jo/munzer/Courses/INCS741/project/puzzle-ccs04.pdf
[5] S. Hao, N. Feamster and R. Pandrangi. "Monitoring the initial DNS behavior of malicious domains". 2011
