An Alerts Correlation Technology for Large-Scale Network Intrusion Detection

Cited by: 0
Authors
Yuan, Jingbo [1 ]
Ding, Shunli [1 ]
Affiliations
[1] NE Univ Qinhuangdao, Inst Informat Management Technol & Applicat, Qinhuangdao, Peoples R China
Source
WEB INFORMATION SYSTEMS AND MINING, PT I | 2011 / Vol. 6987
Keywords
intrusion detection; alert aggregation; alarm correlation; association rule mining;
DOI
Not available
CLC classification number
TP18 [Artificial intelligence theory];
Subject classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Intrusion detection is an important security tool, and intrusion detection systems are becoming ubiquitous defenses in today's networks. However, research has shown that the volume of alerts generated by intrusion detection systems can be overwhelming. Alert aggregation and alert correlation have the potential to reduce alert volume and improve detection performance. In this paper, an approach to correlating intrusion alerts based on association rule mining is proposed, which can effectively reduce repeated alerts and thereby lower the false-alarm rate.
Pages: 352 / +
Page count: 2