• DocumentCode
    2643707
  • Title
    Multi-level alert clustering for intrusion detection sensor data
  • Author
    Siraj, Ambareen ; Vaughn, Rayford B.
  • Author_Institution
    Dept. of Comput. Sci. & Eng., Mississippi State Univ., Msstate, MS, USA
  • fYear
    2005
  • fDate
    26-28 June 2005
  • Firstpage
    748
  • Lastpage
    753
  • Abstract
    Alert fusion is a promising research area in information assurance today. To increase trustworthiness in systems, most modern information systems deployed in distributed environments employ multiple, diverse sensors that monitor security violations throughout the network. The outputs of the sensors must be fused in an effective and intelligent manner in order to provide an overall view of the status of such systems. A unified architecture for intelligent alert fusion essentially combines alert prioritization, alert clustering and alert correlation. In this paper, we address the alert clustering aspect of sensor data fusion in an intrusion detection environment. A causal knowledge based inference technique with fuzzy cognitive modeling is used to cluster alerts by discovering structural relationships in sensor data.
  • Keywords
    cognitive systems; fuzzy systems; inference mechanisms; knowledge based systems; security of data; sensor fusion; alert correlation; alert prioritization; fuzzy cognitive modeling; information system; intelligent alert fusion; intrusion detection; knowledge based inference technique; multilevel alert clustering; sensor data fusion; Data engineering; Data security; Information security; Information systems; Intelligent sensors; Intrusion detection; Monitoring; Protection; Sensor fusion; Sensor systems
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Fuzzy Information Processing Society, 2005. NAFIPS 2005. Annual Meeting of the North American
  • Print_ISBN
    0-7803-9187-X
  • Type
    conf
  • DOI
    10.1109/NAFIPS.2005.1548632
  • Filename
    1548632