• DocumentCode
    2109907
  • Title

    Multilevel Event Correlation Based on Collaboration and Temporal Causal Correlation

  • Author

    Gu, Ting ; Xiao, Debao ; Liu, Xuejiao ; Xia, Xue

  • Author_Institution
    Dept. of Comput. Sci., Huazhong Normal Univ., Wuhan, China
  • fYear
    2009
  • fDate
    24-26 Sept. 2009
  • Firstpage
    1
  • Lastpage
    4
  • Abstract
    Intrusion detection system (IDS) always focus on low-level attacks and raise attacks independently, though there may be logical connections between them. Meanwhile, the number of alerts becomes unmanageable including actual alerts mixed with false alerts. Therefore, improved techniques are needed. The general idea in this paper is to introduce collaboration achieved by taking advantage of various kinds of contextual information and thus enable IDS to correctly identify successful attacks while simultaneously reducing the number of false positives. In this paper, a multilevel event correlation structure is proposed by firstly assigning each alert a value of confidence using contextual information and then correlates the preprocessed alerts based on improved temporal causal correlation combining with confidence value. At the end, a scenario graph and a high-level alert with final confidence are presented, which indicates the reliability of attacks launched through specific path. Through the experimental results with DARPA Data sets 2000 from Lincoln laboratory, it demonstrates the potential of the proposed techniques.
  • Keywords
    graph theory; security of data; DARPA Data sets 2000; high-level alert; intrusion detection system; low-level attacks; multilevel event correlation; scenario graph; temporal causal correlation; Classification algorithms; Collaboration; Collaborative work; Computer networks; Computer science; Floods; Information security; Intrusion detection; Laboratories; Network topology;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Wireless Communications, Networking and Mobile Computing, 2009. WiCom '09. 5th International Conference on
  • Conference_Location
    Beijing
  • Print_ISBN
    978-1-4244-3692-7
  • Electronic_ISBN
    978-1-4244-3693-4
  • Type

    conf

  • DOI
    10.1109/WICOM.2009.5302413
  • Filename
    5302413