DocumentCode :
2109907
Title :
Multilevel Event Correlation Based on Collaboration and Temporal Causal Correlation
Author :
Gu, Ting ; Xiao, Debao ; Liu, Xuejiao ; Xia, Xue
Author_Institution :
Dept. of Comput. Sci., Huazhong Normal Univ., Wuhan, China
fYear :
2009
fDate :
24-26 Sept. 2009
Firstpage :
1
Lastpage :
4
Abstract :
Intrusion detection systems (IDS) always focus on low-level attacks and raise alerts independently, even though there may be logical connections between them. Meanwhile, the number of alerts becomes unmanageable, with actual alerts mixed with false alerts. Therefore, improved techniques are needed. The general idea of this paper is to introduce collaboration, achieved by taking advantage of various kinds of contextual information, and thus enable the IDS to correctly identify successful attacks while simultaneously reducing the number of false positives. A multilevel event correlation structure is proposed that first assigns each alert a confidence value using contextual information and then correlates the preprocessed alerts using an improved temporal causal correlation combined with the confidence values. At the end, a scenario graph and a high-level alert with a final confidence value are presented, which indicate the reliability of the attacks launched along a specific path. Experimental results with the DARPA 2000 data sets from Lincoln Laboratory demonstrate the potential of the proposed techniques.
Keywords :
graph theory; security of data; DARPA Data sets 2000; high-level alert; intrusion detection system; low-level attacks; multilevel event correlation; scenario graph; temporal causal correlation; Classification algorithms; Collaboration; Collaborative work; Computer networks; Computer science; Floods; Information security; Intrusion detection; Laboratories; Network topology;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Wireless Communications, Networking and Mobile Computing, 2009. WiCom '09. 5th International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4244-3692-7
Electronic_ISBN :
978-1-4244-3693-4
Type :
conf
DOI :
10.1109/WICOM.2009.5302413
Filename :
5302413