DocumentCode
3282182
Title
Integrating security operator knowledge and preferences to the alert correlation process
Author
Bouzar-Benlabiod, Lydia ; Benferhat, Salem ; Boubana-Tebibel, Thouraya
Author_Institution
Grad. Sch. (STIC), Nat. Sch. of Comput. (ESI), Algiers, Algeria
fYear
2010
fDate
3-5 Oct. 2010
Firstpage
416
Lastpage
420
Abstract
Intrusion Detection Systems (IDS) are necessary for system monitoring. However, they produce a huge quantity of alerts. Alert correlation is a process applied to IDS alerts in order to reduce their number. In this paper we propose a new approach to alert correlation which enables the integration of new information into the alert correlation process: the security operator's knowledge and preferences. This information concerns the monitored system and the risk level of each alert, according for instance to the operator's experience. The representation of, and reasoning on, this knowledge and these preferences are done using Qualitative Choice Logic (QCL) and its extensions: Prioritized Qualitative Choice Logic (PQCL) and Positive Qualitative Choice Logic (QCL+). Experimental results are obtained on data from the monitoring of a real system. The result is a set of ordered alerts which satisfies the operator's criteria.
Keywords
computerised monitoring; security of data; alert correlation process; intrusion detection systems; positive qualitative choice logic; prioritized qualitative choice logic; security operator knowledge; security operator preferences; system monitoring; Cognition; Correlation; Intrusion detection; Monitoring; Polynomials; Quantum cascade lasers; IDS; QCL; alert correlation; knowledge; preferences;
fLanguage
English
Publisher
ieee
Conference_Titel
Machine and Web Intelligence (ICMWI), 2010 International Conference on
Conference_Location
Algiers
Print_ISBN
978-1-4244-8608-3
Type
conf
DOI
10.1109/ICMWI.2010.5648098
Filename
5648098
Link To Document