High volumes of low-level alerts generated by intrusion detection systems (IDSs) are a serious obstacle to using them effectively. These volumes overwhelm system administrators to the point that they cannot manage or interpret the alerts. Alert correlation is used to reduce the number of alerts and raise their level of abstraction: it selects a group of low-level alerts, maps them to a higher-level attack, and produces a single high-level alert for the group. In this paper, a new artificial immune system-based alert correlation system, named AISAC, is presented. It learns the correlation probability between each pair of alert types and uses this knowledge to extract attack scenarios. AISAC does not require intensive domain knowledge or rule-definition effort, and the extracted knowledge does not need to be updated manually. The computational cost of the learning algorithm is linear, and the initial learning is done offline with a very limited amount of general data. AISAC is evaluated on the DARPA 2000 and netForensics Honeynet data. The results show that, although it uses a relatively simple algorithm, it generates attack graphs with acceptable accuracy.
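As an added illustration that is not the paper's AISAC implementation (the immune-system learning is not reproduced here), the following Python sketch shows the core idea of pairwise alert-type correlation: it estimates, from a constructed training stream, the probability that one alert type follows another within a time window, then links alerts of a new stream into scenarios whenever the learned probability clears a threshold. The alert types, window and threshold are assumed values chosen for the example.

```python
from collections import defaultdict

WINDOW, THRESHOLD = 60.0, 0.5   # seconds between linked alerts; min probability to link

# Constructed training stream of (timestamp_sec, alert_type); not the paper's DARPA/Honeynet data.
TRAINING = [
    (0, "SCAN"), (10, "EXPLOIT"), (20, "ROOTSHELL"),
    (100, "SCAN"), (115, "EXPLOIT"), (130, "ROOTSHELL"),
    (200, "SCAN"), (230, "EXPLOIT"), (300, "DNS_QUERY"), (400, "SCAN"),
    (500, "DNS_QUERY"), (505, "SCAN"), (600, "DNS_QUERY"),
]

def learn_pair_probabilities(alerts, window=WINDOW):
    """P(b follows a): fraction of a-alerts that had at least one b-alert
    within `window` seconds after them, for every ordered pair of types."""
    alerts = sorted(alerts)
    occurrences = defaultdict(int)   # how often type a was seen
    followed = defaultdict(int)      # how often (a, b) occurred with b in the window
    for i, (ta, a) in enumerate(alerts):
        occurrences[a] += 1
        later_types = set()
        for tb, b in alerts[i + 1:]:
            if tb - ta > window:     # stream is sorted, so stop at the window edge
                break
            later_types.add(b)
        for b in later_types:
            followed[(a, b)] += 1
    return {pair: n / occurrences[pair[0]] for pair, n in followed.items()}

def correlate(alerts, probs, window=WINDOW, threshold=THRESHOLD):
    """Attack-graph edges (earlier_idx, later_idx) into the sorted stream."""
    alerts = sorted(alerts)
    edges = []
    for j, (tj, b) in enumerate(alerts):
        for i in range(j - 1, -1, -1):          # walk back through in-window alerts
            ti, a = alerts[i]
            if tj - ti > window:
                break
            if probs.get((a, b), 0.0) >= threshold:
                edges.append((i, j))
    return edges

def attack_scenarios(n_alerts, edges):
    """Each alert joins the scenario of the most recent alert it links to, else its own."""
    scenario = list(range(n_alerts))
    for i, j in sorted(edges):                  # later i overrides: most recent link wins
        scenario[j] = scenario[i]
    groups = defaultdict(list)
    for idx, s in enumerate(scenario):
        groups[s].append(idx)
    return [g for g in groups.values() if len(g) > 1]   # one high-level alert per group
```

Each returned group is the set of low-level alerts that collapse into one high-level alert; alerts left in singleton groups stay uncorrelated.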