An Alerts Correlation Technology for Large-Scale Network Intrusion Detection

Cited by: 0
Authors
Yuan, Jingbo [1 ]
Ding, Shunli [1 ]
Affiliation
[1] NE Univ Qinhuangdao, Inst Informat Management Technol & Applicat, Qinhuangdao, Peoples R China
Source
Keywords
intrusion detection; alert aggregation; alarm correlation; association rule mining;
DOI
Not available
CLC classification
TP18 [Artificial intelligence theory];
Discipline classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Intrusion detection is an important security tool, and intrusion detection systems are becoming ubiquitous defenses in today's networks. However, research has shown that the volume of alerts generated by intrusion detection systems can be overwhelming. Alert aggregation and alert correlation have the potential to reduce alert volume and improve detection performance. In this paper, an approach to correlating intrusion alerts based on association rule mining is proposed; it effectively reduces repeated alerts and thereby lowers the false-alarm rate.
Pages: 352 / +
Page count: 2