Title :
A distributed intrusion detect model based on alert data correlation analysis
Author :
Wang, Baoyi ; Ju, Xiaowei ; Zhang, Shaomin
Author_Institution :
Sch. of Control & Comput. Eng., North China Electr. Power Univ., Baoding, China
Abstract :
Intrusion detection is an important method for ensuring network security, and a distributed intrusion detection system can detect intrusions across the entire network. Association analysis is a practical and feasible way to improve the detection performance of an intrusion detection system. The paper proposes a three-layer alert data correlation analysis model for a distributed intrusion detection system that reduces false alerts by analyzing the intensity of the alert data, removes or reduces repeated alerts by clustering the alert data, and discovers high-level attack tactics by associating the alert data. The paper provides the algorithm for each module, and an experiment on the high-level event correlation module with the Mitnick attack detection data shows that ontology-based association can detect the process of a multi-step distributed attack.
Keywords :
computer network security; data analysis; distributed processing; sensor fusion; alert data correlation analysis; data association analysis; distributed intrusion detect model; network security; Databases; Alert Data Correlation; Distributed Intrusion Detection; Network Security; Similarity Clustering;
Conference_Title :
Computer Application and System Modeling (ICCASM), 2010 International Conference on
Conference_Location :
Taiyuan
Print_ISBN :
978-1-4244-7235-2
Electronic_ISBN :
978-1-4244-7237-6
DOI :
10.1109/ICCASM.2010.5620718