• DocumentCode
    1727670
  • Title

    An integrated cyber security monitoring system using correlation-based techniques

  • Author

    Qishi Wu ; Ferebee, D. ; Yunyue Lin ; Dasgupta, D.

  • Author_Institution
    Dept. of Comput. Sci., Univ. of Memphis, Memphis, TN, USA
  • fYear
    2009
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    We propose an adaptive cyber security monitoring system that integrates a number of component techniques to collect time-series situation information, perform intrusion detection, keep track of event evolution, and characterize and identify security events so corresponding defense actions can be taken in a timely and effective manner. Particularly, we employ a decision fusion algorithm with an analytically proven performance guarantee for intrusion detection based on local votes from distributed sensors. Different from the traditional rule-based pattern matching technique, security events in the proposed system are represented in a graphical form of correlation networks using random matrix theory and identified through the computation of network similarity measurement. Extensive simulation results on event identification illustrate the efficacy of the proposed system.
  • Keywords
    random processes; security of data; adaptive cyber security monitoring system; correlation-based technique; decision fusion; distributed sensor; event evolution; intrusion detection; network similarity measurement; random matrix theory; security event identification; time-series situation information; Algorithm design and analysis; Computer security; Information security; Intrusion detection; Monitoring; Pattern matching; Performance analysis; Sensor fusion; Sensor phenomena and characterization; Voting; Cyber security; decision fusion; event correlation; random matrix theory;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    System of Systems Engineering, 2009. SoSE 2009. IEEE International Conference on
  • Conference_Location
    Albuquerque, NM
  • Print_ISBN
    978-1-4244-4766-4
  • Type

    conf

  • Filename
    5282325