
KGBIAC: Knowledge Graph Based Intelligent Alert Correlation Framework

Conference paper in Cyberspace Safety and Security (CSS 2017), part of the book series Lecture Notes in Computer Science (LNSC, volume 10581).

Abstract

Alert correlation is a key part of intrusion detection. Traditional methods based on situation awareness techniques usually store the different dimensions of security information in separate knowledge bases, which leads to a lack of synergy between those dimensions. For complex attacks, it is difficult to integrate all context information quickly enough to support real-time and accurate analysis. To address these issues, we propose an integrated intelligent security event correlation analysis system, named KGBIAC, which uses a knowledge graph to represent and store network security information. We explain the structure of KGBIAC and conduct an experiment on the DARPA 2000 dataset. Performance evaluation shows that KGBIAC is potentially effective.



Acknowledgements

This work is supported by the National Key Research and Development Program, grants No. 2016YFB0800804, No. 2016YFB0800803 and No. 2016YFB0800802.

Corresponding author

Correspondence to Wei Wang.


Copyright information

© 2017 Springer International Publishing AG

Cite this paper

Wang, W., Jiang, R., Jia, Y., Li, A., Chen, Y. (2017). KGBIAC: Knowledge Graph Based Intelligent Alert Correlation Framework. In: Wen, S., Wu, W., Castiglione, A. (eds) Cyberspace Safety and Security. CSS 2017. Lecture Notes in Computer Science, vol 10581. Springer, Cham. https://doi.org/10.1007/978-3-319-69471-9_41

  • DOI: https://doi.org/10.1007/978-3-319-69471-9_41

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-69470-2

  • Online ISBN: 978-3-319-69471-9
