DocumentCode :
2095992
Title :
Applying Data Fusion in Collaborative Alerts Correlation
Author :
Zhuang, Xin ; Xiao, Debao ; Liu, Xuejiao ; Zhang, Yugang
Author_Institution :
Dept. of Comput. Sci., Huazhong Normal Univ., Wuhan, China
Volume :
2
fYear :
2008
fDate :
20-22 Dec. 2008
Firstpage :
124
Lastpage :
127
Abstract :
Due to various network intrusions, network security has always been a main concern of the network administrator. However, nowadays traditional security tools like IDSs, firewalls etc. cannot play the roles of effective defense mechanisms. Instead, they only generate elementary alerts to form alert flooding and they often have high false alerts rates. Moreover due to their weak collaboration-awareness, they cannot detect large distributed attacks such as a DDoS attack. In this paper, we present an efficient and effective model for collaborative alerts analyzing. Our system enhances the alert verification using assets' contextual information. By applying alert fusion and using a precisely defined knowledge base in the correlation phase, it also provides a method to get general and synthetic alerts from the large volume of elementary alerts. Moreover, this system is able to reconstruct the attack scenarios for multi-step attacks. Experiments show the system can effectively distinguish false positives, detect and predicate large-scale attacks in their early stage.
Keywords :
Internet; correlation methods; groupware; sensor fusion; telecommunication security; Internet-connected organization; asset contextual information; collaborative alert correlation; data fusion; multistep attack; network administrator; network intrusion; network security; Computer networks; Computer science; Computer security; Data security; Floods; Fusion power generation; Humans; International collaboration; Intrusion detection; Operating systems; data fusion; collaborative; correlation; attack scenario reconstruction
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computer Science and Computational Technology, 2008. ISCSCT '08. International Symposium on
Conference_Location :
Shanghai
Print_ISBN :
978-1-4244-3746-7
Type :
conf
DOI :
10.1109/ISCSCT.2008.38
Filename :
4731586