An Online Adaptive Approach to Alert Correlation
Authors
Abstract
Current intrusion detection systems (IDSs) generate a tremendous number of intrusion alerts. In practice, managing and analyzing this large number of low-level alerts is one of the most challenging tasks for a system administrator. In this context, alert correlation techniques, which aim to provide a succinct and high-level view of attacks, have gained a lot of interest. Although a variety of methods have been proposed, the majority of them address alert correlation in the off-line setting. In this work, we focus on the online approach to alert correlation. Specifically, we propose a fully automated adaptive approach for online correlation of intrusion alerts in two stages. In the first online stage, we employ a Bayesian network to automatically extract information about the constraints and causal relationships among alerts. Based on the extracted information, we reconstruct attack scenarios on the fly, providing the network administrator with the current network view and predicting the next potential steps of the attacker. Our approach is illustrated using both the well-known DARPA 2000 data set and live traffic data collected from a Honeynet network.
Similar Sources
Real-Time Intrusion Detection Alert Correlation and Attack Scenario Extraction Based on the Prerequisite-Consequence Approach
Alert correlation systems attempt to discover the relations among alerts produced by one or more intrusion detection systems to determine the attack scenarios and their main motivations. In this paper a new IDS alert correlation method is proposed that can be used to detect attack scenarios in real-time. The proposed method is based on a causal approach due to the strength of causal methods in ...
A Solution to the Problem of Extrapolation in Car Following Modeling Using an Online Fuzzy Neural Network
The car following process is time-varying in essence, due to the involvement of human actions. This paper develops an adaptive technique for car following modeling in a traffic flow. The proposed technique includes an online fuzzy neural network (OFNN) which is able to adapt its rule-consequent parameters to the time-varying processes. The proposed OFNN is first trained by a growing binary tree le...
Adaptive Online Traffic Flow Prediction Using Aggregated Neuro-Fuzzy Approach
Short-term prediction of traffic flow is one of the most essential elements of all proactive traffic control systems. Although various methodologies have been applied to forecast traffic parameters, several researchers have shown that, compared with the individual methods, hybrid methods provide more accurate results. These results made the hybrid tools and approaches a more common method for ...
An Architecture for Alert Correlation Inspired by a Comprehensive Model of the Human Immune System
Alert correlation is the process of analyzing, relating and fusing the alerts generated by one or more Intrusion Detection Systems (IDS) in order to provide a high-level and comprehensive view of the security situation of the system or network. Different approaches, such as rule-based, prerequisite/consequence-based, learning-based and similarity-based approaches, are used in the correlation process...
Adaptive Fuzzy Tracking Control for a Class of Perturbed Nonlinearly Parameterized Systems Using Minimal Learning Parameters Algorithm
In this paper, an adaptive fuzzy tracking control approach is proposed for a class of single-input single-output (SISO) nonlinear systems in which the unknown continuous functions may be nonlinearly parameterized. During the controller design procedure, the fuzzy logic systems (FLS) of Mamdani type are applied to approximate the unknown continuous functions, and then, based on the minimal learnin...