
An Alerts Correlation Technology for Large-Scale Network Intrusion Detection

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 6987))

Abstract

Intrusion detection is an important security tool, and intrusion detection systems are becoming ubiquitous defenses in today's networks. However, research has shown that the volume of alerts generated by intrusion detection systems can be overwhelming. Alert aggregation and alert correlation have the potential to reduce alert volume and improve detection performance. In this paper, an approach to correlating intrusion alerts based on association rule mining is proposed, which can effectively reduce repeated alerts and thereby lower the false-alarm rate.
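As an added illustration (not code from the paper), the following Python sketch shows the two steps the abstract names: collapsing repeated alerts, then mining association rules over the alert attributes that co-occur for one source inside a time window. The sample alerts, the grouping of transactions by (source, time bucket), and the support/confidence thresholds are all assumptions, not the paper's method.

```python
from collections import Counter, defaultdict
from itertools import combinations

# Constructed sample alerts: (timestamp_s, signature, src_ip, dst_ip). Not real IDS output.
ALERTS = [
    (100, "SCAN", "10.0.0.5", "10.0.1.1"),
    (101, "SCAN", "10.0.0.5", "10.0.1.1"),    # repeat of the previous alert
    (102, "SCAN", "10.0.0.5", "10.0.1.1"),    # repeat
    (150, "EXPLOIT", "10.0.0.5", "10.0.1.1"),
    (300, "SCAN", "10.0.0.5", "10.0.1.2"),
    (340, "EXPLOIT", "10.0.0.5", "10.0.1.2"),
    (500, "SCAN", "10.0.0.9", "10.0.1.3"),
    (900, "SCAN", "10.0.0.5", "10.0.1.1"),    # same attributes, but long after: kept
]

def aggregate(alerts, window=60):
    """Collapse alerts with identical (sig, src, dst) that repeat within `window` seconds."""
    out, last = [], {}
    for ts, sig, src, dst in sorted(alerts):
        key = (sig, src, dst)
        if key in last and ts - out[last[key]]["last_ts"] <= window:
            out[last[key]]["count"] += 1
            out[last[key]]["last_ts"] = ts
        else:
            out.append({"ts": ts, "last_ts": ts, "sig": sig, "src": src, "dst": dst, "count": 1})
            last[key] = len(out) - 1
    return out

def mine_rules(agg, window=300, min_support=2, min_conf=0.5):
    """One transaction per (src, time bucket): the set of signatures and targets that
    source produced (assumed grouping). Returns {(X, Y): (support, confidence)} for
    rules X -> Y over single items, i.e. the first Apriori level."""
    txns = defaultdict(set)
    for a in agg:
        txns[(a["src"], a["ts"] // window)].update({f"sig={a['sig']}", f"dst={a['dst']}"})
    single, pair = Counter(), Counter()
    for items in txns.values():
        single.update(items)
        pair.update(frozenset(p) for p in combinations(sorted(items), 2))
    rules = {}
    for p, sup in pair.items():
        if sup < min_support:
            continue
        for x, y in [tuple(p), tuple(p)[::-1]]:
            conf = sup / single[x]
            if conf >= min_conf:
                rules[(x, y)] = (sup, conf)
    return rules

if __name__ == "__main__":
    agg = aggregate(ALERTS)
    print(f"{len(ALERTS)} raw alerts -> {len(agg)} aggregated")
    for (x, y), (sup, conf) in sorted(mine_rules(agg).items()):
        print(f"{x} -> {y}  support={sup} confidence={conf:.2f}")
```

With the sample data, three identical SCAN alerts collapse into one record with count 3, and the mined rules include sig=EXPLOIT -> sig=SCAN with confidence 1.0, i.e. every source that triggered an exploit alert had scanned in the same window.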




Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yuan, J., Ding, S. (2011). An Alerts Correlation Technology for Large-Scale Network Intrusion Detection. In: Gong, Z., Luo, X., Chen, J., Lei, J., Wang, F.L. (eds) Web Information Systems and Mining. WISM 2011. Lecture Notes in Computer Science, vol 6987. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23971-7_44


  • DOI: https://doi.org/10.1007/978-3-642-23971-7_44

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-23970-0

  • Online ISBN: 978-3-642-23971-7
