• DocumentCode
    228909
  • Title
    A taxonomy on intrusion alert aggregation techniques
  • Author
    Ahmed, Toufik ; Siraj, Maheyzah Md ; Zainal, Anazida ; Mat Din, Mazura
  • Author_Institution
    Inf. Assurance & Security Res. Group, Univ. Teknol. Malaysia, Skudai, Malaysia
  • fYear
    2014
  • fDate
    26-27 Aug. 2014
  • Firstpage
    244
  • Lastpage
    249
  • Abstract
    As security threats advance drastically, most organizations deploy various intrusion detection systems (IDSs) to optimize detection and to provide a comprehensive view of intrusion activities. However, an IDS produces a huge number of duplicated alerts that overwhelm the security operator. Alert aggregation addresses this issue by reducing, fusing and clustering the alerts. Researchers have proposed techniques from a range of disciplines for different aspects of aggregation. In this paper we present a comprehensive review of the proposed alert aggregation techniques. Our main contribution is to classify the literature based on the techniques applied to aggregate the alerts.
  • Keywords
    computer crime; pattern clustering; IDS; alert clustering; alert fusing; alert reducing; duplicated alerts information; intrusion activities; intrusion alert aggregation techniques; intrusion detection systems; organizations; security operator; security threats; Algorithm design and analysis; Classification algorithms; Clustering algorithms; Genetic algorithms; Partitioning algorithms; Security; Taxonomy; IDS; alert aggregation; clustering; taxonomy
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Biometrics and Security Technologies (ISBAST), 2014 International Symposium on
  • Conference_Location
    Kuala Lumpur
  • Print_ISBN
    978-1-4799-6443-7
  • Type
    conf
  • DOI
    10.1109/ISBAST.2014.7013129
  • Filename
    7013129