Attack scenario construction based on rule and fuzzy clustering

  • Authors:
  • Linru Ma;Lin Yang;Jianxin Wang

  • Affiliations:
  • School of Electronic Science and Engineering, National University of Defense Technology, Changsha, Hunan, China;Institute of China Electronic System Engineering, Beijing, China;Institute of China Electronic System Engineering, Beijing, China

  • Venue:
  • CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
  • Year:
  • 2005

Abstract

Correlation of intrusion alerts is a major technique in attack detection for building attack scenarios. Rule-based and data mining methods have been used in some previous proposals to perform correlation. In this paper we integrate these two complementary methods and introduce fuzzy clustering into the data mining method. To determine the fuzzy similarity coefficients, we introduce a hierarchy measurement and use a weighted average to compute total similarity. This mechanism can measure the semantic distance between intrusion alerts with finer granularity than the common similarity measurement. The experimental results in this paper show that the fuzzy clustering method can reconstruct attack scenarios that are wrecked by missed attacks.