Abstract
The use of alert correlation methods in Distributed Intrusion Detection Systems (DIDS) has become an important way to address some of the current problems in this area. However, the efficiency obtained is still far from optimal. This paper presents a novel approach based on integrating multiple correlation methods using the Growing Neural Gas (GNG) neural network. Moreover, since correlation systems have different detection capabilities, we have modified the learning algorithm to positively weight the best-performing systems. The results show the validity of the proposal, both the multiple-integration approach using the GNG neural network and the weighting based on efficiency.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mora-Gimeno, F.J., Maciá-Pérez, F., Lorenzo-Fonseca, I., Gil-Martínez-Abarca, J.A., Marcos-Jorquera, D., Gilart-Iglesias, V. (2011). Security Alert Correlation Using Growing Neural Gas. In: Herrero, Á., Corchado, E. (eds) Computational Intelligence in Security for Information Systems. Lecture Notes in Computer Science, vol 6694. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21323-6_10
DOI: https://doi.org/10.1007/978-3-642-21323-6_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21322-9
Online ISBN: 978-3-642-21323-6
eBook Packages: Computer Science, Computer Science (R0)