Constructing attack scenarios through correlation of intrusion alerts
Proceedings of the 9th ACM conference on Computer and communications security
Probabilistic Alert Correlation
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Clustering intrusion detection alarms to support root cause analysis
ACM Transactions on Information and System Security (TISSEC)
A Fuzzy Data Mining Based Intrusion Detection Model
FTDCS '04 Proceedings of the 10th IEEE International Workshop on Future Trends of Distributed Computing Systems
Hi-index | 0.00 |
Correlation of intrusion alerts is a major technique in attack detection to build attack scenario. Rule-based and data mining methods have been used in some previous proposals to perform correlation. In this paper we integrate two complementary methods and introduce fuzzy clustering in the data mining method. To determine the fuzzy similarity coefficients, we introduce a hierarchy measurement and use weighted average to compute total similarity. This mechanism can measure the semantic distance of intrusion alerts with finer granularity than the common similarity measurement . The experimental results in this paper show that using fuzzy clustering method can reconstruct attack scenario which are wrecked by missed attacks.