Security alert correlation using growing neural gas
CISIS'11 Proceedings of the 4th international conference on Computational intelligence in security for information systems
Semantic Pattern Transformation: Applying Knowledge Discovery Processes in Heterogeneous Domains
Proceedings of the 13th International Conference on Knowledge Management and Knowledge Technologies
Hi-index | 0.00 |
Intrusion Detection Systems (IDS) deploy various sensors that collect data, process this data and report events. The process of combining these events or superordinate incidences is known as event correlation. The key issues of this process are (1) to find a way how to combine events based on different data types (e. g. log entries, connection statistics or protocol identifiers), (2) to build a model representing the relations between the events and (3) to apply subsequent analysis that allow us to extract meaningful information from the trained model. In order to address these key issues, we introduce the concept of Activation Patterns. These patterns are generated by applying various techniques from machine learning and artificial intelligence to the raw event data. The presented technique is then integrated into an event correlation system. We describe the system and evaluate it by analyzing a popular intrusion detection data set consisting of a wide range of different features.