Section: New Software and Platforms

GNG

Security Supervision by Alert Correlation

Keywords: Intrusion Detection Systems (IDS) - SIEM

Scientific Description: GNG is an intrusion detection system that correlates different sources (such as different logs) in order to identify attacks against the system. The attack scenarios are defined using the Attack Description Langage (ADeLe) proposed by our team, and are internally translated to attack recognition automatons. GNG intends to define time efficient algorithms based on these automatons to recognize complex attack scenarios.

• Partner: CentraleSupélec

• Contact: Eric Totel

• Publication: A Language Driven Intrusion Detection System for Events and Alerts Correlation

• URL: http://www.rennes.supelec.fr/ren/perso/etotel/GNG/index.html