Abstract
Current intrusion detection systems face the problem of generating too many false alerts. The alerts they raise are too elementary and not accurate enough to be managed by a security administrator. Several alert correlation techniques have been proposed to solve this problem, such as hyper-alert correlation. Hyper-alert correlation takes advantage of the prerequisites and consequences of attacks to correlate related alerts together, but the performance of this approach depends heavily on the quality of the attack modeling. On the other hand, with the growth of network attacks, specifying the relationships for alert correlation manually would be a complex and tedious task. This paper presents a practical technique to address this issue for hyper-alert correlation. On the basis of the attack signatures and the hyper-alert types defined in hyper-alert correlation, the proposed approach constructs the alert relationships automatically. Furthermore, when the various kinds of attacks are taken into consideration, some of the relationships between attacks may be neglected; at that point, fine tuning of the relationships by a human user can efficiently deal with this problem.
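The mechanism the abstract describes, as an added illustration that is not the paper's code: hyper-alert types carry prerequisite and consequence predicates, the may-prepare-for relation between types is derived automatically by matching consequences to prerequisites, an analyst can add or drop pairs by hand, and alerts on the same host are then chained along that relation. The type names, predicate names and alert stream are constructed samples.

```python
# Added example: hyper-alert correlation driven by prerequisite/consequence
# predicates, with the may-prepare-for relation between hyper-alert types
# derived automatically and adjustable by an analyst. All type definitions
# and alerts are constructed samples, not the paper's own data or code.
from dataclasses import dataclass

@dataclass
class HyperAlertType:
    name: str
    prerequisites: set  # predicate names that must hold before the attack
    consequences: set   # predicate names the attack establishes

# Constructed sample hyper-alert types (predicate names are illustrative)
TYPES = {
    "IPSweep": HyperAlertType("IPSweep", set(), {"ExistsHost"}),
    "PortScan": HyperAlertType("PortScan", {"ExistsHost"}, {"ExistsService"}),
    "SvcExploit": HyperAlertType("SvcExploit", {"ExistsService"}, {"RootAccess"}),
    "DDoSDaemon": HyperAlertType("DDoSDaemon", {"RootAccess"}, {"ReadyForDDoS"}),
}

def build_prepare_for(types, add=(), drop=()):
    """Derive {(earlier, later)} type pairs: a consequence of `earlier` matches a
    prerequisite of `later`. `add`/`drop` are the analyst's manual overrides."""
    rel = {(a.name, b.name) for a in types.values() for b in types.values()
           if a.name != b.name and a.consequences & b.prerequisites}
    return (rel | set(add)) - set(drop)

@dataclass
class Alert:
    id: int
    type: str
    ts: float
    host: str  # target host; alerts must agree on it to be correlated

def correlate(alerts, prepare_for):
    """Link alert a to a later alert b on the same host when (a.type, b.type)
    is in prepare_for. Returns the sorted list of (a.id, b.id) edges."""
    ordered = sorted(alerts, key=lambda x: x.ts)
    return sorted((a.id, b.id) for i, a in enumerate(ordered)
                  for b in ordered[i + 1:]
                  if (a.type, b.type) in prepare_for and a.host == b.host)

# Constructed alert stream: a four-step scenario on host H1 plus noise on H2
SAMPLE_ALERTS = [
    Alert(1, "IPSweep", 1.0, "H1"), Alert(2, "PortScan", 2.0, "H1"),
    Alert(3, "PortScan", 2.5, "H2"), Alert(4, "SvcExploit", 3.0, "H1"),
    Alert(5, "DDoSDaemon", 4.0, "H1"),
]
```

Running `correlate(SAMPLE_ALERTS, build_prepare_for(TYPES))` chains alerts 1, 2, 4 and 5 on H1 and leaves the H2 port scan uncorrelated; passing `drop` or `add` to `build_prepare_for` shows the manual fine-tuning step changing which chains are formed.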
This work was partially supported by the MOE Program for Promoting Academic Excellence of Universities under Grant 89-E-FA04-1-4.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
Cite this paper
Huang, NF., Hung, HW., Kao, CN., Jai, GY., Sung, YJ. (2004). Construct Efficient Hyper-alert Correlation for Defense-in-Depth Network Security System. In: Kahng, HK., Goto, S. (eds) Information Networking. Networking Technologies for Broadband and Mobile Networks. ICOIN 2004. Lecture Notes in Computer Science, vol 3090. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25978-7_89
DOI: https://doi.org/10.1007/978-3-540-25978-7_89
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23034-2
Online ISBN: 978-3-540-25978-7