A Cognitive Model for Alert Correlation in a Distributed Environment
Authors
Abstract
The area of alert fusion for strengthening information assurance in systems is a promising research area that has recently begun to attract attention. Increased demands for “more trustworthy” systems and the fact that a single sensor cannot detect all types of misuse/anomalies have prompted most modern information systems deployed in distributed environments to employ multiple, diverse sensors. Therefore, the outputs of the sensors must be fused in an effective and intelligent manner in order to provide an overall view of the status of such systems. A unified architecture for intelligent alert fusion will essentially combine alert prioritization, alert clustering and alert correlation. In this paper, we address the alert correlation aspect of sensor data fusion in distributed environments. A causal knowledge based inference technique with fuzzy cognitive modeling is used to correlate alerts by discovering causal relationships in alert data.
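The causal-inference step the abstract describes can be made concrete with a small fuzzy cognitive map (FCM) over alert classes. The following is an added, constructed example, not the paper's model or code: the concept names, the causal weight matrix, the clipped-linear activation rule, the sample alerts and the 0.5 activation threshold are all assumptions chosen for illustration. Observed alerts clamp their concept nodes to the sensor's confidence, activation is propagated along the causal edges, and the fixed point is read back as three things a correlator wants: causal edges between alerts that were actually seen (in a consistent time order), steps the map says happened but no sensor reported, and the likely next stage.

```python
"""Fuzzy cognitive map (FCM) alert correlation, as an added, constructed example.

Not the paper's model or code: the concept names, causal weights, sample alerts
and thresholds below are assumptions chosen to illustrate the technique.
"""
from dataclasses import dataclass
from typing import Dict, List

# Concept nodes of the map: alert classes that sensors can raise (hypothetical labels).
CONCEPTS = ["port_scan", "ssh_brute_force", "privilege_escalation", "data_exfiltration"]
IDX = {c: i for i, c in enumerate(CONCEPTS)}

# Causal weight matrix: W[i][j] in [-1, 1] is how strongly concept i promotes concept j.
# Assumed values encoding a scan -> brute force -> escalation -> exfiltration chain,
# plus a weak direct scan -> escalation link; 0 means "no known causal relation".
W = [
    # scan   ssh_bf  priv_esc  exfil
    [0.0,   0.7,    0.2,      0.0],   # port_scan ->
    [0.0,   0.0,    0.8,      0.0],   # ssh_brute_force ->
    [0.0,   0.0,    0.0,      0.9],   # privilege_escalation ->
    [0.0,   0.0,    0.0,      0.0],   # data_exfiltration -> (terminal stage)
]


@dataclass
class Alert:
    concept: str        # one of CONCEPTS
    confidence: float   # sensor confidence in [0, 1]
    ts: float           # observation time in seconds


def clip01(x: float) -> float:
    return max(0.0, min(1.0, x))


def run_fcm(observed: Dict[str, float], max_iter: int = 50, eps: float = 1e-9) -> List[float]:
    """Propagate activation through W until it stabilises.

    Observed concepts are clamped to their sensor confidence; every other
    concept takes the clipped weighted sum of its causes (a clipped-linear
    activation, chosen here so the fixed point is easy to read off).
    """
    n = len(CONCEPTS)
    act = [observed.get(c, 0.0) for c in CONCEPTS]
    for _ in range(max_iter):
        nxt = [
            act[j] if CONCEPTS[j] in observed
            else clip01(sum(act[i] * W[i][j] for i in range(n) if i != j))
            for j in range(n)
        ]
        converged = max(abs(a - b) for a, b in zip(act, nxt)) < eps
        act = nxt
        if converged:
            break
    return act


def correlate(alerts: List[Alert], threshold: float = 0.5) -> dict:
    """Correlate raw alerts into causal edges, inferred missing steps and predicted next steps."""
    observed: Dict[str, float] = {}
    first_seen: Dict[str, float] = {}
    for a in alerts:
        if a.concept not in IDX:
            continue  # unknown alert class: the map has no node for it
        observed[a.concept] = max(observed.get(a.concept, 0.0), a.confidence)
        first_seen[a.concept] = min(first_seen.get(a.concept, a.ts), a.ts)
    act = run_fcm(observed)

    # An edge between two observed alerts needs a positive causal weight and a
    # consistent time order; its strength scales with both sensors' confidence.
    edges = []
    for src in observed:
        for dst in observed:
            w = W[IDX[src]][IDX[dst]]
            if w > 0 and first_seen[src] < first_seen[dst]:
                edges.append((src, dst, round(w * observed[src] * observed[dst], 3)))

    # Unobserved concepts that the map activates above threshold are either a
    # step some sensor missed (it has an observed effect) or the likely next step.
    missing, predicted = [], []
    for c in CONCEPTS:
        if c in observed or act[IDX[c]] < threshold:
            continue
        has_observed_effect = any(W[IDX[c]][IDX[o]] > 0 for o in observed)
        (missing if has_observed_effect else predicted).append((c, round(act[IDX[c]], 3)))
    return {"edges": edges, "missing_steps": missing, "predicted_next": predicted}


# Constructed alerts from two different sensors: a network IDS sees the scan
# (twice), a host agent later sees privilege escalation; nobody reports the
# SSH brute force in between.
SAMPLE_ALERTS = [
    Alert("port_scan", 1.0, 10.0),
    Alert("port_scan", 0.6, 12.0),
    Alert("privilege_escalation", 0.9, 300.0),
    Alert("dns_timeout", 0.8, 301.0),  # not a concept in the map; ignored
]

if __name__ == "__main__":
    print(correlate(SAMPLE_ALERTS))
```

On the sample input the map links the scan to the escalation, flags the unreported SSH brute force as a missing step (activation 0.7 from the scan alone), and predicts exfiltration as the next stage. The time-order check matters in practice: the same two alerts in reverse order yield no edge, because a causal edge that contradicts the observed sequence is more likely two unrelated events than one scenario.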
Similar references
Real-Time intrusion detection alert correlation and attack scenario extraction based on the prerequisite consequence approach
Alert correlation systems attempt to discover the relations among alerts produced by one or more intrusion detection systems to determine the attack scenarios and their main motivations. In this paper a new IDS alert correlation method is proposed that can be used to detect attack scenarios in real-time. The proposed method is based on a causal approach due to the strength of causal methods in ...
Alert correlation and prediction using data mining and HMM
Intrusion Detection Systems (IDSs) are security tools widely used in computer networks. While they seem to be promising technologies, they pose some serious drawbacks: When utilized in large and high traffic networks, IDSs generate high volumes of low-level alerts which are hardly manageable. Accordingly, there emerged a recent track of security research, focused on alert correlation, which ext...
Collusion Set Detection Through Outlier Discovery
Digging in the details: a case study in network data mining, p. 14
Efficient identification of overlapping communities, p. 27
Event-driven document selection for terrorism information extraction, p. 37
Link analysis tools for intelligence and counterterrorism, p. 49
Mining candidate viruses as potential bio-terrorism weapons from biomedical literature, p. 60
Private mining of association rules, p. 7...
Alert Correlation with Abstract Incident Modeling in a Multi-Sensor Environment
This work was supported by NSF Cyber Trust Program Grant No: SCI-0430354, NSA IASP Grant No: H98230-04-1-0205, Office of Naval Research Grant number N00014-01-1-0678, and the Department of Computer Science and Engineering, Center for Computer Security Research at Mississippi State University. Parts of this work have appeared in Proceedings: IEEE International Conference on Intelligence and Se...
Cooperative Anomaly and Intrusion Detection for Alert Correlation in Networked Computing Systems
Network-centric computing systems manifest as Grids, clusters, Intranets, LANs, or P2P networks, etc. These distributed systems are subject to security breaches in an open network environment. Conventional intrusion detection systems (IDS) use the misuse model at the packet level. An anomaly detection system (ADS) follows a normal-use model at Internet connection level. We integrate these two a...