Title :
Multi-level alert clustering for intrusion detection sensor data
Author :
Siraj, Ambareen ; Vaughn, Rayford B.
Author_Institution :
Dept. of Comput. Sci. & Eng., Mississippi State Univ., Mississippi State, MS, USA
Abstract :
Alert fusion is a promising research area in information assurance today. To increase the trustworthiness of their systems, most modern information systems deployed in distributed environments employ multiple, diverse sensors that monitor for security violations throughout the network. The outputs of these sensors must be fused in an effective and intelligent manner to provide an overall view of the system's security status. A unified architecture for intelligent alert fusion essentially combines alert prioritization, alert clustering, and alert correlation. In this paper, we address the alert clustering aspect of sensor data fusion in an intrusion detection environment. A causal knowledge-based inference technique using fuzzy cognitive modeling is used to cluster alerts by discovering structural relationships in the sensor data.
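The abstract names the technique (causal knowledge encoded in a fuzzy cognitive map, used to decide which alerts belong together) but not its internals. The following is an added illustration of that idea, not code from Siraj and Vaughn: it builds a small fuzzy cognitive map over pairwise structural relationships between alerts (same source, same destination, same signature, large time gap), runs the standard FCM activation update until the map converges, and groups alerts whose inferred "same cluster" activation passes a threshold. The concept set, weight matrix, time window, threshold and the sample alerts are all assumptions chosen for the demonstration; the paper's multi-level scheme is not reproduced, only a single clustering level.

```python
"""Pairwise alert clustering with a fuzzy cognitive map (FCM).

Added illustration, not code from Siraj & Vaughn. The concept set, the
causal weight matrix, the time window, the threshold and the sample alerts
are assumptions made for this demo; the paper's own model is not reproduced.
"""
import math
from itertools import combinations

# Constructed sample alerts (hypothetical sensor output, not from the paper).
# t is seconds since the start of the observation window.
ALERTS = [
    {"id": 1, "t": 0,    "src": "10.0.0.5",   "dst": "192.168.1.10", "sig": "ssh-brute"},
    {"id": 2, "t": 5,    "src": "10.0.0.5",   "dst": "192.168.1.10", "sig": "ssh-brute"},
    {"id": 3, "t": 30,   "src": "10.0.0.5",   "dst": "192.168.1.11", "sig": "ssh-brute"},
    {"id": 4, "t": 100,  "src": "172.16.3.9", "dst": "192.168.1.50", "sig": "sqli"},
    {"id": 5, "t": 120,  "src": "172.16.3.9", "dst": "192.168.1.50", "sig": "xss"},
    {"id": 6, "t": 7200, "src": "10.0.0.5",   "dst": "192.168.1.10", "sig": "ssh-brute"},
]

# FCM concepts (assumed). 0-3 are observed structural relationships between a
# pair of alerts and are clamped as evidence; 4 is an intermediate concept;
# 5 is the inferred "these two alerts belong to the same cluster".
SAME_SRC, SAME_DST, SAME_SIG, FAR_APART, SAME_ENDPOINTS, SAME_CLUSTER = range(6)
INPUTS = {SAME_SRC, SAME_DST, SAME_SIG, FAR_APART}
WINDOW = 600  # seconds; a gap beyond this counts as "far apart" (assumption)

# Causal weights W[i][j] in [-1, 1]: effect of concept i on concept j.
# Assumed values encoding: shared endpoints are strong evidence of one
# incident, a shared signature is moderate evidence, a large time gap inhibits.
W = [[0.0] * 6 for _ in range(6)]
W[SAME_SRC][SAME_ENDPOINTS] = 0.5
W[SAME_DST][SAME_ENDPOINTS] = 0.5
W[SAME_ENDPOINTS][SAME_CLUSTER] = 0.9
W[SAME_SIG][SAME_CLUSTER] = 0.4
W[FAR_APART][SAME_CLUSTER] = -1.0


def fcm_infer(evidence, weights, inputs, max_iter=50, eps=1e-9):
    """Iterate A_j(t+1) = tanh(sum_i A_i(t) * W[i][j]) for non-input concepts
    until the state vector stops changing. Input concepts keep their evidence
    values, so the map is driven by observations rather than free-running."""
    n = len(weights)
    state = [evidence.get(j, 0.0) for j in range(n)]
    for _ in range(max_iter):
        nxt = []
        for j in range(n):
            if j in inputs:
                nxt.append(state[j])
                continue
            nxt.append(math.tanh(sum(state[i] * weights[i][j] for i in range(n))))
        delta = max(abs(a - b) for a, b in zip(nxt, state))
        state = nxt
        if delta < eps:
            break
    return state


def pair_evidence(a, b):
    """Crisp structural relationships between two alerts, as FCM evidence."""
    return {
        SAME_SRC: float(a["src"] == b["src"]),
        SAME_DST: float(a["dst"] == b["dst"]),
        SAME_SIG: float(a["sig"] == b["sig"]),
        FAR_APART: float(abs(a["t"] - b["t"]) > WINDOW),
    }


def pair_score(a, b):
    """Degree (in [-1, 1]) to which the FCM believes a and b belong together."""
    return fcm_infer(pair_evidence(a, b), W, INPUTS)[SAME_CLUSTER]


def cluster_alerts(alerts, threshold=0.5):
    """Union-find over pairs whose inferred same_cluster activation passes
    the threshold; returns clusters as sorted lists of alert ids."""
    parent = {a["id"]: a["id"] for a in alerts}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for a, b in combinations(alerts, 2):
        if pair_score(a, b) >= threshold:
            parent[find(a["id"])] = find(b["id"])
    groups = {}
    for a in alerts:
        groups.setdefault(find(a["id"]), []).append(a["id"])
    return sorted(sorted(g) for g in groups.values())


if __name__ == "__main__":
    for a, b in combinations(ALERTS, 2):
        print(f"{a['id']}-{b['id']}: {pair_score(a, b):+.3f}")
    print("clusters:", cluster_alerts(ALERTS))
```

On the constructed data, alerts 1, 2 and 3 (one source brute-forcing two hosts within seconds) form one cluster, 4 and 5 (one source hitting one web server with different signatures) form another, and alert 6 is left alone even though it matches alert 1 on every attribute: the inhibitory time-gap edge pulls its activation down to about 0.09. That last case is the point of encoding causal knowledge in the map rather than counting matching attributes; the weights here are illustrative and would be set from analyst knowledge in practice.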
Keywords :
cognitive systems; fuzzy systems; inference mechanisms; knowledge based systems; security of data; sensor fusion; alert correlation; alert prioritization; fuzzy cognitive modeling; information system; intelligent alert fusion; intrusion detection; knowledge based inference technique; multilevel alert clustering; sensor data fusion; Data engineering; Data security; Information security; Information systems; Intelligent sensors; Intrusion detection; Monitoring; Protection; Sensor fusion; Sensor systems;
Conference_Titel :
Annual Meeting of the North American Fuzzy Information Processing Society, 2005 (NAFIPS 2005)
Print_ISBN :
0-7803-9187-X
DOI :
10.1109/NAFIPS.2005.1548632