• DocumentCode
    2494110
  • Title

    Alert Correlation Model Design Based on Self-regulate

  • Author

    Yang, Li ; Xinfa, Dong

  • Author_Institution
    Anyang Inst. of Technol., Anyang, China
  • Volume
    1
  • fYear
    2010
  • fDate
    24-25 April 2010
  • Firstpage
    266
  • Lastpage
    269
  • Abstract
    The multi-step attack is one of the primary forms of current network intrusions. How to detect these attacks is an important aspect of IDS (Intrusion Detection System) research. Correlation research in intrusion detection focuses mainly on the following aspects: reducing the false alert rate and omission rate; detecting unknown attacks; attack forecasting. In particular, development of the third point may move passive detection toward active protection. Through the study of patterns of the multi-step attack, a model of alert correlation which is based on self-regulate is designed. This paper describes the definition and classification of alert correlation. It also introduces the association rules. To improve the efficiency of IDS, the paper applies data mining technology to IDS. In the paper we present a method of how to acquire the intrusion knowledge from the logs and detect the intrusion behaviors based on the improved Apriori algorithm.
  • Keywords
    correlation methods; data mining; knowledge acquisition; security of data; Apriori algorithm; active protection; alert correlation model; attack detection; attack forecasting; data mining technology; false alert rate; intrusion behaviors; intrusion detection system; intrusion knowledge; multistep attack; network intrusions; omission rate; passive detection; self-regulate; Association rules; Correlation; Data mining; Electronic mail; Information analysis; Information security; Information technology; Intrusion detection; Paper technology; Protection;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Multimedia and Information Technology (MMIT), 2010 Second International Conference on
  • Conference_Location
    Kaifeng
  • Print_ISBN
    978-0-7695-4008-5
  • Electronic_ISBN
    978-1-4244-6602-3
  • Type

    conf

  • DOI
    10.1109/MMIT.2010.60
  • Filename
    5474223