Abstract
Intrusion detection is an important security tool, and intrusion detection systems are becoming ubiquitous defenses in today's networks. However, several studies have shown that the volume of alerts generated by intrusion detection systems can be overwhelming. Alert aggregation and alert correlation have the potential to reduce alert volume and improve detection performance. In this paper, an approach to correlating intrusion alerts based on association rule mining is proposed; it effectively reduces repeated alerts and thereby lowers the false-alarm rate.
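As an added illustration of the association-rule approach the abstract describes (example code written here, not the paper's own implementation), the block below treats the alerts raised by one source IP within a fixed time window as one transaction, mines Apriori-style rules between alert signatures, and uses the rules to fold repeated and rule-linked alerts into a single correlated alert. The alert records, window size and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict
from itertools import combinations
# Constructed sample IDS alerts (timestamp_s, source_ip, signature); not from the paper.
ALERTS = [
    (0, "10.0.0.5", "ICMP_SWEEP"), (2, "10.0.0.5", "SYN_SCAN"), (3, "10.0.0.5", "SYN_SCAN"),
    (60, "10.0.0.7", "ICMP_SWEEP"), (61, "10.0.0.7", "SYN_SCAN"),
    (120, "10.0.0.9", "ICMP_SWEEP"), (125, "10.0.0.9", "SYN_SCAN"), (126, "10.0.0.9", "SYN_SCAN"),
    (200, "10.0.0.5", "HTTP_LONG_URI"), (300, "10.0.0.11", "SYN_SCAN"),
]

def group(alerts, window=30):
    """Bucket alerts by (source IP, time window); one bucket is one 'transaction' (assumption)."""
    buckets = defaultdict(list)
    for ts, src, sig in sorted(alerts):
        buckets[(src, ts // window)].append(sig)
    return buckets

def mine_rules(txns, min_support=0.4, min_conf=0.8):
    """Apriori-style mining of single-antecedent rules A -> B over alert signatures."""
    n = len(txns)
    item = Counter(sig for t in txns for sig in t)
    frequent = {s for s, c in item.items() if c / n >= min_support}   # prune rare items first
    pairs = Counter()
    for t in txns:
        for a, b in combinations(sorted(t & frequent), 2):
            pairs[(a, b)] += 1
    rules = {}
    for (a, b), c in pairs.items():
        if c / n < min_support:
            continue
        for ante, cons in ((a, b), (b, a)):
            if c / item[ante] >= min_conf:          # confidence = supp(A,B) / supp(A)
                rules[(ante, cons)] = c / item[ante]
    return rules

def correlate(alerts, rules, window=30):
    """Emit one alert per (src, signature) per window; fold rule consequents into their antecedent."""
    out = []
    for (src, _), sigs in sorted(group(alerts, window).items()):
        counts = Counter(sigs)
        folded = {cons for ante, cons in rules if ante in counts and cons in counts}
        for sig, c in counts.items():
            if sig not in folded:
                linked = tuple(sorted((cons, counts[cons]) for ante, cons in rules
                                      if ante == sig and cons in counts))
                out.append((src, sig, c, linked))
    return out

RULES = mine_rules([set(s) for s in group(ALERTS).values()])
CORRELATED = correlate(ALERTS, RULES)   # 10 raw alerts -> 5 correlated alerts
```

On the sample data the only rule surviving the thresholds is ICMP_SWEEP -> SYN_SCAN (confidence 1.0), so each sweep-then-scan burst from one host collapses to one correlated alert that records the folded SYN_SCAN count.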
© 2011 Springer-Verlag Berlin Heidelberg
Cite this paper
Yuan, J., Ding, S. (2011). An Alerts Correlation Technology for Large-Scale Network Intrusion Detection. In: Gong, Z., Luo, X., Chen, J., Lei, J., Wang, F.L. (eds) Web Information Systems and Mining. WISM 2011. Lecture Notes in Computer Science, vol 6987. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23971-7_44
DOI: https://doi.org/10.1007/978-3-642-23971-7_44
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-23970-0
Online ISBN: 978-3-642-23971-7