A cognitive model for alert correlation in a distributed environment

Authors:
Ambareen Siraj;Rayford B. Vaughn
Affiliations:
Department of Computer Science and Engineering, Center for Computer Security Research;Department of Computer Science and Engineering, Center for Computer Security Research
Venue:
ISI'05 Proceedings of the 2005 IEEE international conference on Intelligence and Security Informatics
Year:
2005

Citing 5
Cited 7

Fuzzy cognitive maps

International Journal of Man-Machine Studies
Neural networks and fuzzy systems: a dynamical systems approach to machine intelligence

Neural networks and fuzzy systems: a dynamical systems approach to machine intelligence
Fuzzy engineering

Fuzzy engineering
Constructing attack scenarios through correlation of intrusion alerts

Proceedings of the 9th ACM conference on Computer and communications security
Mining Alarm Clusters to Improve Alarm Handling Efficiency

ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference

Alert correlation survey: framework and techniques

Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Data fusion for improved situational understanding

Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
A dynamic fusion approach for security situation assessment

CNIS '07 Proceedings of the Fourth IASTED International Conference on Communication, Network and Information Security
Functional requirements of situational awareness incomputer network security

ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics
A hybrid model for correlating alerts of known and unknown attack scenarios and updating attack graphs

Computer Networks: The International Journal of Computer and Telecommunications Networking
A new alert correlation algorithm based on attack graph

CISIS'11 Proceedings of the 4th international conference on Computational intelligence in security for information systems
An alert correlation platform for memory-supported techniques

Concurrency and Computation: Practice & Experience

Quantified Score

Hi-index	0.00

Visualization

Abstract

The area of alert fusion for strengthening information assurance in systems is a promising research area that has recently begun to attract attention. Increased demands for “more trustworthy” systems and the fact that a single sensor cannot detect all types of misuse/anomalies have prompted most modern information systems deployed in distributed environments to employ multiple, diverse sensors. Therefore, the outputs of the sensors must be fused in an effective and intelligent manner in order to provide an overall view of the status of such systems. A unified architecture for intelligent alert fusion will essentially combine alert prioritization, alert clustering and alert correlation. In this paper, we address the alert correlation aspect of sensor data fusion in distributed environments. A causal knowledge based inference technique with fuzzy cognitive modeling is used to correlate alerts by discovering causal relationships in alert data.