• DocumentCode
    532548
  • Title

    A distributed intrusion detect model based on alert data correlation analysis

  • Author

    Wang, Baoyi ; Ju, Xiaowei ; Zhang, Shaomin

  • Author_Institution
    Sch. of Control & Comput. Eng., North China Electr. Power Univ., Baoding, China
  • Volume
    3
  • fYear
    2010
  • fDate
    22-24 Oct. 2010
  • Abstract
Intrusion detection is an important method of ensuring network security, and a distributed intrusion detection system can detect intrusions across an entire network. Association analysis is a practical and feasible way to improve the detection performance of an intrusion detection system. This paper proposes a three-layer alert data correlation analysis model for a distributed intrusion detection system: it reduces false alerts by analyzing the intensity of the alert data, removes or reduces repeated alerts by clustering the alert data, and discovers high-level attack tactics by associating the alert data. The paper gives the algorithm for each module, and an experiment on the high-level event correlation module with the Mitnick attack data shows that ontology-based association can detect the process of a multi-step distributed attack.
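    The abstract describes three layers (intensity-based false-alert filtering, similarity clustering of duplicates, and prerequisite/consequence association into multi-step attacks). The example below is an added illustration of that pipeline shape and is not the paper's code: the raw alerts, signature names, per-signature intensity thresholds, similarity weights and the small prerequisite/consequence table are all constructed assumptions, and the attack scenario is only loosely modelled on a SYN-flood plus sequence-prediction spoofing chain, not on the actual Mitnick dataset.

```python
"""Three-layer alert correlation: intensity filter -> similarity clustering
-> prerequisite/consequence association. Added illustration, not the paper's
algorithm; all data, thresholds and the step ontology are constructed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Alert:
    ts: float        # seconds (constructed timestamps)
    sig: str         # sensor signature name (assumed names)
    src: str
    dst: str
    count: int = 1   # raw alerts aggregated into this record


# Constructed raw alerts from several sensors. 10.0.0.9 is the attacker,
# 192.168.1.10 a trusted host that gets silenced, 192.168.1.20 the target.
RAW_ALERTS = [
    Alert(100.0, "PORTSCAN", "10.0.0.9", "192.168.1.20"),
    Alert(101.0, "PORTSCAN", "10.0.0.9", "192.168.1.20"),
    Alert(102.0, "PORTSCAN", "10.0.0.9", "192.168.1.20"),
    Alert(150.0, "SYN_FLOOD", "10.0.0.9", "192.168.1.10"),
    Alert(150.5, "SYN_FLOOD", "10.0.0.9", "192.168.1.10"),
    Alert(151.0, "SYN_FLOOD", "10.0.0.9", "192.168.1.10"),
    Alert(151.5, "SYN_FLOOD", "10.0.0.9", "192.168.1.10"),
    Alert(160.0, "SEQ_PROBE", "10.0.0.9", "192.168.1.20"),
    Alert(160.2, "SEQ_PROBE", "10.0.0.9", "192.168.1.20"),
    Alert(170.0, "SPOOFED_RSH", "192.168.1.10", "192.168.1.20"),
    Alert(500.0, "ICMP_ECHO", "10.0.0.77", "192.168.1.20"),  # isolated noise
]

WINDOW = 30.0  # seconds; assumed correlation window for all three layers
# Layer 1 thresholds (assumed): a signature must fire at least this often
# from one source within WINDOW to be kept; a lone low-value alert is dropped.
MIN_INTENSITY = {"PORTSCAN": 3, "SYN_FLOOD": 3, "SEQ_PROBE": 2,
                 "SPOOFED_RSH": 1, "ICMP_ECHO": 5}


def intensity_filter(alerts):
    """Layer 1: keep alerts whose (signature, source) intensity in WINDOW
    reaches the signature's threshold."""
    by_key = defaultdict(list)
    for a in alerts:
        by_key[(a.sig, a.src)].append(a)
    kept = []
    for a in alerts:
        intensity = sum(1 for p in by_key[(a.sig, a.src)]
                        if abs(p.ts - a.ts) <= WINDOW)
        if intensity >= MIN_INTENSITY.get(a.sig, 1):
            kept.append(a)
    return kept


def similarity(a, b):
    """Weighted attribute similarity (weights assumed). Signature, source and
    destination together reach 0.9; time proximity alone never merges."""
    return ((0.5 if a.sig == b.sig else 0.0) + (0.2 if a.src == b.src else 0.0)
            + (0.2 if a.dst == b.dst else 0.0)
            + (0.1 if abs(a.ts - b.ts) <= WINDOW else 0.0))


def cluster(alerts, threshold=0.9):
    """Layer 2: greedy similarity clustering; each cluster is represented by
    its earliest alert and carries the number of raw alerts it absorbed."""
    clusters = []
    for a in sorted(alerts, key=lambda x: x.ts):
        for c in clusters:
            if similarity(c, a) >= threshold:
                c.count += a.count
                break
        else:
            clusters.append(Alert(a.ts, a.sig, a.src, a.dst, a.count))
    return clusters


# Layer 3 ontology (assumed): signature -> (prerequisites, consequences).
# "(src)"/"(dst)" are placeholders bound to the alert's hosts at match time.
STEPS = {
    "PORTSCAN":    (set(), {"knows_services(dst)"}),
    "SYN_FLOOD":   (set(), {"silenced(dst)"}),
    "SEQ_PROBE":   ({"knows_services(dst)"}, {"knows_isn(dst)"}),
    "SPOOFED_RSH": ({"silenced(src)", "knows_isn(dst)"}, {"shell(dst)"}),
}


def instantiate(preds, a):
    return {p.replace("(src)", f"({a.src})").replace("(dst)", f"({a.dst})")
            for p in preds}


def correlate(clusters):
    """Layer 3: link an alert to every earlier alert whose consequences
    satisfy one of its prerequisites; the edges form the attack graph."""
    ordered = sorted(clusters, key=lambda x: x.ts)
    edges = []
    for i, later in enumerate(ordered):
        needed = instantiate(STEPS.get(later.sig, (set(), set()))[0], later)
        for earlier in ordered[:i]:
            provided = instantiate(STEPS.get(earlier.sig, (set(), set()))[1], earlier)
            if provided & needed:
                edges.append((earlier.sig, later.sig))
    return edges


if __name__ == "__main__":
    kept = intensity_filter(RAW_ALERTS)
    merged = cluster(kept)
    print(f"{len(RAW_ALERTS)} raw -> {len(kept)} kept -> {len(merged)} clusters")
    for e in correlate(merged):
        print("%s -> %s" % e)
```

    The point the abstract makes is visible in the last layer: the spoofed rsh session only correlates with the SYN flood because the predicate is bound to hosts (the flood silenced the very host whose address the rsh connection claims), which is what lets a distributed sensor set see one multi-step attack rather than four unrelated alerts.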
  • Keywords
    computer network security; data analysis; distributed processing; sensor fusion; alert data correlation analysis; data association analysis; distributed intrusion detect model; network security; Databases; Alert Data Correlation; Distributed Intrusion Detection; Network Security; Similarity Clustering;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Application and System Modeling (ICCASM), 2010 International Conference on
  • Conference_Location
    Taiyuan
  • Print_ISBN
    978-1-4244-7235-2
  • Electronic_ISBN
    978-1-4244-7237-6
  • Type

    conf

  • DOI
    10.1109/ICCASM.2010.5620718
  • Filename
    5620718