Applying data mining techniques to analyze alert data

  • Authors:
  • Moonsun Shin; Hosung Moon; Keunho Ryu; KiYoung Kim; JinOh Kim

  • Affiliations:
  • Database Laboratory, Chungbuk National University, Gaesin-dong, Cheongju, Chungbuk, Korea; Database Laboratory, Chungbuk National University, Gaesin-dong, Cheongju, Chungbuk, Korea; Database Laboratory, Chungbuk National University, Gaesin-dong, Cheongju, Chungbuk, Korea; Network Security Department, Electronics and Telecommunications Research Institute, Korea; Network Security Department, Electronics and Telecommunications Research Institute, Korea

  • Venue:
  • APWeb'03 Proceedings of the 5th Asia-Pacific web conference on Web technologies and applications
  • Year:
  • 2003

Abstract

The architecture of policy-based network management has a hierarchical structure that consists of a management layer and an enforcement layer. A security policy server in the management layer should be able to generate new policies, delete and update existing policies, and decide on the policy when a security policy is requested. Therefore, the security policy server must analyze and manage alert messages received from the policy enforcement system. In this paper, we propose an alert analyzer with a data mining engine. It is a helpful system for managing faulty users or hosts. The implemented mining system efficiently supports the alert analyzer and the high-level analyzer for security policy management.