2013 | OriginalPaper | Chapter

Intrusion Alert Correlation Framework: An Innovative Approach

Authors: Huwaida Tagelsir Elshoush, Izzeldin Mohamed Osman

Published in: IAENG Transactions on Engineering Technologies

Publisher: Springer Netherlands


Abstract

Alert correlation analyzes the alerts from one or more collaborative intrusion detection systems (IDSs) to produce a concise overview of security-related activity on a network. The process consists of multiple components, each responsible for a different aspect of the overall correlation goal. The order in which the correlation components are applied affects the performance of the process: the total time needed for the whole process depends on the number of alerts processed in each component. An innovative alert correlation framework is introduced, based on a model that reduces the number of processed alerts as early as possible by discarding irrelevant and false alerts in the first phases. A new component, shushing the alerts, is added to deal with the unrelated alerts. A modified algorithm for fusing the alerts is presented. The intruders' intentions are grouped into attack scenarios and thus used to detect future attacks. The DARPA 2000 ID scenario-specific datasets are used to evaluate the alert correlator model. The experimental results show that the correlation model is effective in achieving alert reduction and abstraction. The performance is improved after attention is focused on correlating higher-severity alerts.
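The abstract's central claim is that the ordering of correlation components matters because every component's cost grows with the number of alerts it receives, so components that discard unrelated and false alerts should run first. The following Python script is an added illustration written for this page; it is not the authors' code, not their modified fusion algorithm, and it does not use the DARPA 2000 data. The sample alerts, the monitored address space, the per-host service inventory used to spot false positives, the two-second fusion window and the stage names (shush, verify, fuse, prioritise) are all constructed assumptions. It runs the same four stages in two orders, counts how many alerts each stage has to process, and then groups the survivors by attacking host into candidate attack scenarios.

```python
"""Toy alert correlation pipeline (constructed example, not the paper's code):
shows how stage ordering changes the total number of alerts each stage must
process, while the final correlated output stays the same."""
from collections import defaultdict
from dataclasses import dataclass, replace


@dataclass
class Alert:
    alert_id: int
    ts: float        # seconds since start of the capture
    sensor: str      # reporting IDS sensor
    src: str
    dst: str
    dst_port: int
    signature: str
    severity: int    # 1 = low, 2 = medium, 3 = high
    count: int = 1   # raw alerts fused into this one


# Hypothetical site knowledge used by the discarding stages.
MONITORED_NET = "172.16."                     # protected address space (assumed)
SERVICES = {"172.16.112.50": {80, 111, 515},  # ports each host really serves (assumed)
            "172.16.112.10": {21, 22}}

# Constructed sample alerts (not DARPA 2000 data): two real attack sessions
# (ids 1-8), two false positives against closed ports (ids 9-10), and six
# unrelated alerts against a host outside the monitored network (ids 11-16).
RAW_ALERTS = [Alert(*row) for row in [
    (1, 0.0, "A", "203.0.113.7", "172.16.112.50", 111, "RPC portmap request", 2),
    (2, 0.5, "B", "203.0.113.7", "172.16.112.50", 111, "RPC portmap request", 2),
    (3, 1.0, "A", "203.0.113.7", "172.16.112.50", 111, "RPC portmap request", 2),
    (4, 1.2, "A", "203.0.113.7", "172.16.112.50", 80, "WEB-CGI probe", 1),
    (5, 2.0, "A", "203.0.113.7", "172.16.112.50", 515, "LPD buffer overflow attempt", 3),
    (6, 4.0, "A", "198.51.100.9", "172.16.112.10", 21, "FTP brute force", 2),
    (7, 4.4, "B", "198.51.100.9", "172.16.112.10", 21, "FTP brute force", 2),
    (8, 9.0, "A", "198.51.100.9", "172.16.112.10", 21, "FTP brute force", 2),
    (9, 2.5, "A", "203.0.113.7", "172.16.112.50", 8080, "WEB proxy probe", 2),
    (10, 7.0, "A", "203.0.113.7", "172.16.112.10", 3306, "MySQL probe", 2),
] + [(11 + i, t, "B", "198.51.100.9", "10.9.9.9", 22, "SSH brute force", 3)
     for i, t in enumerate((3.0, 6.0, 9.5, 13.0, 16.5, 20.0))]]


def shush(alerts):
    """Discard alerts whose target lies outside the monitored network (unrelated)."""
    return [a for a in alerts if a.dst.startswith(MONITORED_NET)]


def verify(alerts):
    """Discard alerts against ports the target does not serve (likely false positives)."""
    return [a for a in alerts if a.dst_port in SERVICES.get(a.dst, set())]


def fuse(alerts, window=2.0):
    """Merge alerts with the same (src, dst, port, signature) that arrive within
    `window` seconds of the first alert of the group, e.g. one event reported by
    several sensors. Input alerts are copied, never mutated."""
    merged, last = [], {}
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.src, a.dst, a.dst_port, a.signature)
        prev = last.get(key)
        if prev is not None and a.ts - prev.ts <= window:
            prev.count += a.count
            prev.severity = max(prev.severity, a.severity)
            continue
        fused = replace(a)
        merged.append(fused)
        last[key] = fused
    return merged


def prioritise(alerts, min_severity=2):
    """Keep only alerts severe enough to be worth correlating further."""
    return [a for a in alerts if a.severity >= min_severity]


def group_scenarios(alerts):
    """Group surviving alerts by attacking host, in time order, as candidate attack scenarios."""
    scenarios = defaultdict(list)
    for a in sorted(alerts, key=lambda x: x.ts):
        scenarios[a.src].append(a)
    return dict(scenarios)


FILTER_FIRST = [("shush", shush), ("verify", verify), ("fuse", fuse), ("prioritise", prioritise)]
FILTER_LAST = [("fuse", fuse), ("prioritise", prioritise), ("shush", shush), ("verify", verify)]


def run_pipeline(alerts, stages):
    """Run the stages in order; record how many alerts each stage had to process."""
    processed, current = {}, list(alerts)
    for name, stage in stages:
        processed[name] = len(current)
        current = stage(current)
    return current, processed


if __name__ == "__main__":
    for label, stages in (("filter first", FILTER_FIRST), ("filter last", FILTER_LAST)):
        final, work = run_pipeline(RAW_ALERTS, stages)
        print(f"{label}: {work} -> {len(final)} alerts, total work {sum(work.values())}")
    for src, chain in group_scenarios(run_pipeline(RAW_ALERTS, FILTER_FIRST)[0]).items():
        print(src, "->", [f"{a.signature} x{a.count}" for a in chain])
```

Both orderings end with the same four correlated alerts, but with the discarding stages first the four stages handle 16, 10, 8 and 5 alerts (39 in total), whereas with fusion and prioritisation first they handle 16, 13, 12 and 6 (47 in total). The gap widens as the share of irrelevant alerts grows, which is the usual situation with raw IDS output; a practitioner deploying such a pipeline should measure the per-stage counts on their own alert stream rather than assume a fixed order.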


Metadata

Title: Intrusion Alert Correlation Framework: An Innovative Approach
Authors: Huwaida Tagelsir Elshoush, Izzeldin Mohamed Osman
Copyright Year: 2013
Publisher: Springer Netherlands
DOI: https://doi.org/10.1007/978-94-007-6190-2_31