DocumentCode :
2238844
Title :
An Intrinsic Graphical Signature Based on Alert Correlation Analysis for Intrusion Detection
Author :
Pao, Hsing-Kuo ; Mao, Ching-Hao ; Lee, Hahn-Ming ; Chen, Chi-Dong ; Faloutsos, Christos
Author_Institution :
Comput. Sci. & Inf. Eng., Nat. Taiwan Univ. of Sci. & Technol., Taipei, Taiwan
fYear :
2010
fDate :
18-20 Nov. 2010
Firstpage :
102
Lastpage :
109
Abstract :
We propose a graphical signature for intrusion detection given alert sequences. By correlating alerts according to their temporal proximity, we build a probabilistic graph-based model that describes a group of alerts forming either an attack or normal behavior. Using these models, we design a pairwise measure based on manifold learning to quantify the dissimilarity between different groups of alerts; a large dissimilarity implies that the two groups exhibit different behaviors. Such a measure can therefore be combined with standard classification methods for intrusion detection. We evaluate our framework mainly on Acer 2007, a private dataset gathered from a well-known Security Operation Center in Taiwan. The performance on this real data suggests that the proposed method achieves high detection accuracy. Moreover, the graphical structures and the representation obtained from manifold learning naturally provide visualized results suitable for further analysis by domain experts.
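The abstract describes a pipeline (correlate alerts by temporal proximity, build a probabilistic graph per alert group, compare groups pairwise, classify) without giving code. The following is an added illustration, not the authors' implementation: it groups constructed alert records into sessions by source and time gap, builds a Laplace-smoothed first-order Markov transition matrix per session as the "graphical signature", and compares signatures with a mean per-row total-variation distance fed to a 1-nearest-neighbour classifier. The paper's manifold-learning (Isomap) embedding over the pairwise dissimilarities is replaced here by that direct distance, and the sample alerts, alert types, `gap` threshold, smoothing constant and analyst labels are all assumptions made for the example.

```python
"""Added example, not the paper's code: Markov transition signatures for alert sessions."""
from collections import Counter
from typing import Dict, Sequence, Tuple

# Constructed sample alerts, not real SOC data: (time in seconds, source IP, alert type).
SAMPLE_ALERTS = [
    (0, "10.0.0.5", "PORT_SCAN"),
    (12, "10.0.0.5", "SSH_BRUTE"),
    (25, "10.0.0.5", "SSH_BRUTE"),
    (40, "10.0.0.5", "ROOT_LOGIN"),
    (5, "10.0.0.7", "HTTP_200"),
    (20, "10.0.0.7", "HTTP_404"),
    (33, "10.0.0.7", "HTTP_200"),
    (50, "10.0.0.7", "HTTP_200"),
    (1000, "10.0.0.5", "PORT_SCAN"),   # same host, >300 s later: a separate session
    (1010, "10.0.0.5", "SSH_BRUTE"),
    (1020, "10.0.0.5", "SSH_BRUTE"),
    (1030, "10.0.0.5", "SSH_BRUTE"),
    (1045, "10.0.0.5", "ROOT_LOGIN"),
    (2000, "10.0.0.11", "PORT_SCAN"),  # unlabeled probe session
    (2015, "10.0.0.11", "SSH_BRUTE"),
    (2030, "10.0.0.11", "ROOT_LOGIN"),
]
ALPHABET = ("PORT_SCAN", "SSH_BRUTE", "ROOT_LOGIN", "HTTP_200", "HTTP_404")
# Assumed analyst labels for the training sources; 10.0.0.11 is left unlabeled on purpose.
TRAINING_LABELS = {"10.0.0.5": "attack", "10.0.0.7": "normal"}

Signature = Dict[str, Dict[str, float]]


def correlate_alerts(alerts, gap: float):
    """Group alerts by source and temporal proximity: a new session starts whenever
    consecutive alerts from the same source are more than `gap` seconds apart."""
    sessions, last_seen, current = [], {}, {}
    for t, src, kind in sorted(alerts):
        if src in current and t - last_seen[src] <= gap:
            current[src].append(kind)
        else:
            if src in current:
                sessions.append((src, current[src]))
            current[src] = [kind]
        last_seen[src] = t
    sessions.extend(current.items())
    return sessions


def transition_signature(seq: Sequence[str], alphabet=ALPHABET, alpha: float = 1.0) -> Signature:
    """Laplace-smoothed first-order Markov transition matrix for one alert group.
    Rows are the current alert type, columns the next one; each row sums to 1."""
    counts = Counter(zip(seq, seq[1:]))
    sig = {}
    for s in alphabet:
        total = sum(counts[(s, t)] for t in alphabet) + alpha * len(alphabet)
        sig[s] = {t: (counts[(s, t)] + alpha) / total for t in alphabet}
    return sig


def signature_distance(a: Signature, b: Signature) -> float:
    """Mean per-row total-variation distance between two signatures (0 means identical).
    Rows that neither group ever visited are both uniform and contribute nothing."""
    return sum(0.5 * sum(abs(a[s][t] - b[s][t]) for t in a[s]) for s in a) / len(a)


def classify(unknown: Signature, labeled: Sequence[Tuple[str, Signature]]) -> str:
    """1-nearest-neighbour label; any distance-based classifier could sit here instead."""
    return min(labeled, key=lambda item: signature_distance(unknown, item[1]))[0]


def demo(gap: float = 300.0) -> Dict[str, str]:
    """Correlate, build signatures, and label every session whose source has no label."""
    sessions = correlate_alerts(SAMPLE_ALERTS, gap)
    labeled = [(TRAINING_LABELS[src], transition_signature(seq))
               for src, seq in sessions if src in TRAINING_LABELS]
    return {src: classify(transition_signature(seq), labeled)
            for src, seq in sessions if src not in TRAINING_LABELS}


if __name__ == "__main__":
    print(demo())  # the probe session 10.0.0.11 is labeled "attack"
```

With the 300 s gap the two bursts from 10.0.0.5 become separate sessions; raising `gap` above the 960 s pause merges them, which is the kind of threshold choice an analyst tunes against a dataset such as the one the abstract mentions. The smoothing keeps the distance finite for transitions never observed in a short session, which is the main practical failure mode of raw transition counts.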
Keywords :
digital signatures; graph theory; learning (artificial intelligence); Acer 2007; alert correlation analysis; intrinsic graphical signature; intrusion detection; manifold learning; probabilistic graph-based model; security operation center; Isomap; Markov model; alert correlation; correlation graph;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Technologies and Applications of Artificial Intelligence (TAAI), 2010 International Conference on
Conference_Location :
Hsinchu City
Print_ISBN :
978-1-4244-8668-7
Electronic_ISBN :
978-0-7695-4253-9
Type :
conf
DOI :
10.1109/TAAI.2010.27
Filename :
5695439