Title :
An integrated cyber security monitoring system using correlation-based techniques
Author :
Qishi Wu ; Ferebee, D. ; Yunyue Lin ; Dasgupta, D.
Author_Institution :
Dept. of Comput. Sci., Univ. of Memphis, Memphis, TN, USA
Abstract :
We propose an adaptive cyber security monitoring system that integrates a number of component techniques to collect time-series situation information, perform intrusion detection, keep track of event evolution, and characterize and identify security events so corresponding defense actions can be taken in a timely and effective manner. Particularly, we employ a decision fusion algorithm with analytically proven performance guarantee for intrusion detection based on local votes from distributed sensors. Different from the traditional rule-based pattern matching technique, security events in the proposed system are represented in a graphical form of correlation networks using random matrix theory and identified through the computation of network similarity measurement. Extensive simulation results on event identification illustrate the efficacy of the proposed system.
Keywords :
random processes; security of data; adaptive cyber security monitoring system; correlation-based technique; decision fusion; distributed sensor; event evolution; intrusion detection; network similarity measurement; random matrix theory; security event identification; time-series situation information; Algorithm design and analysis; Computer security; Information security; Intrusion detection; Monitoring; Pattern matching; Performance analysis; Sensor fusion; Sensor phenomena and characterization; Voting; Cyber security; decision fusion; event correlation; random matrix theory;
Conference_Titel :
System of Systems Engineering, 2009. SoSE 2009. IEEE International Conference on
Conference_Location :
Albuquerque, NM
Print_ISBN :
978-1-4244-4766-4
