Extracting fuzzy attack patterns using an online fuzzy adaptive alert correlation framework. Issue 14 (15th April 2016)
- Record Type:
- Journal Article
- Title:
- Extracting fuzzy attack patterns using an online fuzzy adaptive alert correlation framework. Issue 14 (15th April 2016)
- Main Title:
- Extracting fuzzy attack patterns using an online fuzzy adaptive alert correlation framework
- Authors:
- Faraji Daneshgar, Fatemeh
Abbaspour, Maghsoud
- Abstract:
- Abstract: The tremendous numbers of alerts provided by intrusion detection systems have made alert correlation a vital issue. Despite the considerable number of proposed methods, online alert correlation is still an open issue. In this paper we proposed an online model for alert correlation. Our model consists of two modules: (1) the online fuzzy clustering module, which clusters alerts into fuzzy events based on their similarity and historical relevance; (2) the fuzzy inter-event pattern mining module, which provides the first module with the historical relevance of alerts by mining frequent fuzzy patterns among them. Using these two modules, our approach is as fast as similarity-based approaches suitable for online alert correlation, while it is able to extract complex attack scenarios like offline, time-consuming data-mining-based approaches. Furthermore, observing the frequent events makes our approach capable of detecting scenarios including wrapping tricks which try to fake the source or destination IPs. The experimental results with the well-known dataset DARPA2000 and the ISCX UNB intrusion detection evaluation dataset proved the mentioned claims. Copyright © 2016 John Wiley & Sons, Ltd.
Abstract: In this paper, we proposed an online model for alert correlation using two modules, "online fuzzy clustering" and "fuzzy inter-event pattern mining". The former clusters alerts into fuzzy events based on their similarity and historical relevance, while the latter provides the historical relevance of alerts by mining frequent fuzzy patterns among them. Using these two modules, our approach is as fast as similarity-based approaches suitable for online alert correlation, while it is able to extract complex attack scenarios too.
- Is Part Of:
- Security and communication networks. Volume 9:Issue 14(2016)
- Journal:
- Security and communication networks
- Issue:
- Volume 9:Issue 14(2016)
- Issue Display:
- Volume 9, Issue 14 (2016)
- Year:
- 2016
- Volume:
- 9
- Issue:
- 14
- Issue Sort Value:
- 2016-0009-0014-0000
- Page Start:
- 2245
- Page End:
- 2260
- Publication Date:
- 2016-04-15
- Subjects:
- intrusion detection system -- alert correlation -- fuzzy clustering
Computer networks -- Security measures -- Periodicals
Computer security -- Periodicals
Cryptography -- Periodicals
005.805
- Journal URLs:
- http://onlinelibrary.wiley.com/journal/10.1002/(ISSN)1939-0122
https://www.hindawi.com/journals/scn/
http://onlinelibrary.wiley.com/
- DOI:
- 10.1002/sec.1483
- Languages:
- English
- ISSNs:
- 1939-0114
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library HMNTS - ELD Digital store
- Ingest File:
- 381.xml