Security alert correlation using growing neural gas

Authors:
Francisco José Mora-Gimeno;Francisco Maciá-Pérez;Iren Lorenzo-Fonseca;Juan Antonio Gil-Martínez-Abarca;Diego Marcos-Jorquera;Virgilio Gilart-Iglesias
Affiliations:
Department of Computer Technology, University of Alicante, Alicante, Spain;Department of Computer Technology, University of Alicante, Alicante, Spain;Department of Computer Technology, University of Alicante, Alicante, Spain;Department of Computer Technology, University of Alicante, Alicante, Spain;Department of Computer Technology, University of Alicante, Alicante, Spain;Department of Computer Technology, University of Alicante, Alicante, Spain
Venue:
CISIS'11 Proceedings of the 4th international conference on Computational intelligence in security for information systems
Year:
2011

Citing 10
Cited 0

Constructing attack scenarios through correlation of intrusion alerts

Proceedings of the 9th ACM conference on Computer and communications security
Probabilistic Alert Correlation

RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Measuring intrusion detection capability: an information-theoretic approach

ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Modeling network intrusion detection alerts for correlation

ACM Transactions on Information and System Security (TISSEC)
Network Intrusion Detection System Using Neural Networks

ICNC '08 Proceedings of the 2008 Fourth International Conference on Natural Computation - Volume 05
A logic-based model to support alert correlation in intrusion detection

Information Fusion
Intrusion Detection Method Using Neural Networks Based on the Reduction of Characteristics

IWANN '09 Proceedings of the 10th International Work-Conference on Artificial Neural Networks: Part I: Bio-Inspired Systems: Computational and Ambient Intelligence
Multilevel event correlation based on collaboration and temporal causal correlation

WiCOM'09 Proceedings of the 5th International Conference on Wireless communications, networking and mobile computing
Event Correlation on the Basis of Activation Patterns

PDP '10 Proceedings of the 2010 18th Euromicro Conference on Parallel, Distributed and Network-based Processing
An online adaptive approach to alert correlation

DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment

Quantified Score

Hi-index	0.00

Visualization

Abstract

The use of alert correlation methods in Distributed Intrusion Detection Systems (DIDS) has become an important process to address some of the current problems in this area. However, the efficiency obtained is far from optimal results. This paper presents a novel approach based on the integration of multiple correlation methods by using the neural network Growing Neural Gas (GNG). Moreover, since correlation systems have different detection capabilities, we have modified the learning algorithm to positively weight the best performing systems. The results show the validity of the proposal, both the multiple integration approach using GNG neural network and the weighting based on efficiency.