Title :
Alert Correlation Model Design Based on Self-regulate
Author :
Yang, Li ; Xinfa, Dong
Author_Institution :
Anyang Inst. of Technol., Anyang, China
Abstract :
The multi-step attack is one of the primary forms of current network intrusion, and detecting such attacks is an important aspect of IDS (Intrusion Detection System) research. Correlation research in intrusion detection focuses mainly on the following aspects: reducing the false alert rate and the omission rate; detecting unknown attacks; and attack forecasting. Progress on the third aspect in particular may move intrusion detection from passive detection toward active protection. Through a study of the patterns of multi-step attacks, a model of alert correlation based on self-regulate is designed. This paper describes the definition and classification of alert correlation and introduces association rules. To improve the efficiency of IDS, the paper applies data mining technology to IDS. We present a method for acquiring intrusion knowledge from the logs and detecting intrusion behaviors based on the improved Apriori algorithm.
Keywords :
correlation methods; data mining; knowledge acquisition; security of data; Apriori algorithm; active protection; alert correlation model; attack detection; attack forecasting; data mining technology; false alert rate; intrusion behaviors; intrusion detection system; intrusion knowledge; multistep attack; network intrusions; omission rate; passive detection; self-regulate; Association rules; Correlation; Data mining; Electronic mail; Information analysis; Information security; Information technology; Intrusion detection; Paper technology; Protection;
Conference_Title :
Multimedia and Information Technology (MMIT), 2010 Second International Conference on
Conference_Location :
Kaifeng
Print_ISBN :
978-0-7695-4008-5
Electronic_ISBN :
978-1-4244-6602-3
DOI :
10.1109/MMIT.2010.60