Title :
An Adaptive Rule-Based Intrusion Alert Correlation Detection Method
Author :
Huang, Chenn-Jung ; Li, Ching-Yu ; Wang, Yu-Wu ; Lin, Chin-Fa ; Liao, Jia-Jian ; Hu, Kai-Wen
Author_Institution :
Dept. of Comput. Sci. & Inf. Eng., Nat. Dong Hwa Univ., Hualien, Taiwan
Abstract :
An intrusion detection system (IDS) is a security layer used to discover ongoing intrusive attacks and anomalous activities in information systems, and it usually operates in a dynamically changing environment. Although an increasing number of IDSs have been developed in the literature, network security administrators are faced with the task of analyzing an enormous number of alerts produced from the analysis of different event streams. The intrusion detection model needs to be continuously tuned in order to reduce correlated alerts and help the administrator identify accurate and critical attacks. In this work, an alert correlation detection module is proposed to analyze the alerts produced by IDSs and provide a more succinct and overall view of intrusions. An automatically tuned IDS rule generation module based on fuzzy logic is used to block the highly correlated alerts. The experimental results reveal that the proposed work is effective in achieving alert reduction and abstraction.
Keywords :
correlation methods; fuzzy logic; information systems; security of data; IDS rules generation module; adaptive rule-based intrusion alert correlation detection method; anomaly activities; fuzzy logic technique; information systems; intrusion detection system; intrusive attacks; security layer; Correlation; Databases; Firing; Fuzzy logic; Intrusion detection; Tuning; IDS rule tuning; Intrusion detection system; adaptive tuning; alert reduction; intrusion correlation;
Conference_Titel :
Networking and Distributed Computing (ICNDC), 2010 First International Conference on
Conference_Location :
Hangzhou
Print_ISBN :
978-1-4244-8382-2
DOI :
10.1109/ICNDC.2010.53