Title :
Event Correlation on the Basis of Activation Patterns
Author :
Teufl, Peter ; Payer, Udo ; Fellner, Reinhard
Author_Institution :
Inst. for Appl. Inf. Process. & Commun. (IAIK), Graz Univ. of Technol., Graz, Austria
Abstract :
Intrusion Detection Systems (IDS) deploy various sensors that collect data, process this data and report events. The process of combining these events or superordinate incidences is known as event correlation. The key issues of this process are (1) to find a way how to combine events based on different data types (e. g. log entries, connection statistics or protocol identifiers), (2) to build a model representing the relations between the events and (3) to apply subsequent analysis that allow us to extract meaningful information from the trained model. In order to address these key issues, we introduce the concept of Activation Patterns. These patterns are generated by applying various techniques from machine learning and artificial intelligence to the raw event data. The presented technique is then integrated into an event correlation system. We describe the system and evaluate it by analyzing a popular intrusion detection data set consisting of a wide range of different features.
Keywords :
security of data; activation patterns; artificial intelligence; connection statistics; event correlation system; intrusion detection systems; log entries; machine learning; protocol identifiers; superordinate incidences; Artificial intelligence; Data mining; Event detection; Expert systems; Humans; Information processing; Intrusion detection; Libraries; Machine learning; Sensor systems; activation patterns; event correlation; kdd; machine learning; semantic networks; sensor fusion; spreading activation; unsupervised clustering;
Conference_Titel :
Parallel, Distributed and Network-Based Processing (PDP), 2010 18th Euromicro International Conference on
Conference_Location :
Pisa
Print_ISBN :
978-1-4244-5672-7
Electronic_ISBN :
1066-6192
DOI :
10.1109/PDP.2010.80
