DocumentCode
2643707
Title
Multi-level alert clustering for intrusion detection sensor data
Author
Siraj, Ambareen ; Vaughn, Rayford B.
Author_Institution
Dept. of Comput. Sci. & Eng., Mississippi State Univ., Msstate, MS, USA
fYear
2005
fDate
26-28 June 2005
Firstpage
748
Lastpage
753
Abstract
Alert fusion is a promising research area in information assurance today. To increase trustworthiness in systems, most modern information systems deployed in distributed environments employ multiple, diverse sensors that monitor security violations throughout the network. The outputs of the sensors must be fused in an effective and intelligent manner in order to provide an overall view of the status of such systems. A unified architecture for intelligent alert fusion essentially combines alert prioritization, alert clustering and alert correlation. In this paper, we address the alert clustering aspect of sensor data fusion in an intrusion detection environment. A causal knowledge based inference technique with fuzzy cognitive modeling is used to cluster alerts by discovering structural relationships in sensor data.
Keywords
cognitive systems; fuzzy systems; inference mechanisms; knowledge based systems; security of data; sensor fusion; alert correlation; alert prioritization; fuzzy cognitive modeling; information system; intelligent alert fusion; intrusion detection; knowledge based inference technique; multilevel alert clustering; sensor data fusion; Data engineering; Data security; Information security; Information systems; Intelligent sensors; Intrusion detection; Monitoring; Protection; Sensor fusion; Sensor systems
fLanguage
English
Publisher
ieee
Conference_Titel
Annual Meeting of the North American Fuzzy Information Processing Society, 2005. NAFIPS 2005.
Print_ISBN
0-7803-9187-X
Type
conf
DOI
10.1109/NAFIPS.2005.1548632
Filename
1548632
Link To Document