An alerts correlation technology for large-scale network intrusion detection

Authors:
Jingbo Yuan;Shunli Ding
Affiliations:
Institute of Information Management Technology and Application, Northeastern University at Qinhuangdao, Qinhuangdao, China;Institute of Information Management Technology and Application, Northeastern University at Qinhuangdao, Qinhuangdao, China
Venue:
WISM'11 Proceedings of the 2011 international conference on Web information systems and mining - Volume Part I
Year:
2011

Citing 3
Cited 0

Mining frequent patterns without candidate generation

SIGMOD '00 Proceedings of the 2000 ACM SIGMOD international conference on Management of data
Intrusion Detection Based on Data Mining

DASC '09 Proceedings of the 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing
A framework for the application of association rule mining in large intrusion detection infrastructures

RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection

Quantified Score

Hi-index	0.00

Visualization

Abstract

Intrusion detection is an important security tool. Intrusion detection systems are becoming ubiquitous defenses in today's networks. But some researches showed that the volume of alerts generated from intrusion detection systems can be overwhelming. The alert aggregation and alert correlation capability has the potential to reduce alert volume and improve detection performance. In this paper, an approach of correlating intrusion alerts based on the association rules mining is proposed, which can effectively reduce the repeated alert thereby to reduce the rate of false alarm.