DocumentCode :
2813069
Title :
Alert Fusion Based on Cluster and Correlation Analysis
Author :
Xiao, Shisong ; Zhang, Yugang ; Liu, Xuejiao ; Gao, Jingju
Author_Institution :
Dept. of Comput. Sci., Huazhong Normal Univ., Wuhan
fYear :
2008
fDate :
28-30 Aug. 2008
Firstpage :
163
Lastpage :
168
Abstract :
To reduce redundant and false alerts and to recognize complicated attack scenarios, a multilevel model of alert fusion is presented. The model fuses alerts layer by layer through primary alert reduction, alert verification, alert clustering and alert correlation. In order to construct accurate and complete attack sensors, in the alert clustering phase this paper proposes an alert correlation method based both on the similarity between alert attributes and on the prerequisites and consequences of attacks. The experimental results show that the model is effective and efficient in fusing large numbers of alerts.
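The four stages the abstract names (primary reduction, verification, attribute-similarity clustering, prerequisite/consequence correlation) as an added, runnable illustration. This is not the authors' implementation: the alert records, the similarity weights and threshold, the asset inventory used for verification, and the prerequisite/consequence table for each signature are all constructed for this example.

```python
"""Toy alert-fusion pipeline in the four stages the abstract names:
reduction -> verification -> clustering -> prerequisite/consequence correlation.

Added illustration, not the authors' implementation. The alert records, the
similarity weights, the asset inventory and the prerequisite/consequence table
are all constructed for this example."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    ts: int        # seconds since epoch (constructed)
    sig: str       # IDS signature name (constructed)
    src: str
    dst: str
    dport: int


# Constructed sample: a scan, then an exploit of one scanned host, then that
# host beaconing out; two sensors report the scan and the exploit twice.
RAW_ALERTS = [
    Alert(100, "PORTSCAN", "10.0.0.5", "192.168.1.10", 0),
    Alert(100, "PORTSCAN", "10.0.0.5", "192.168.1.10", 0),        # duplicate
    Alert(101, "PORTSCAN", "10.0.0.5", "192.168.1.11", 0),
    Alert(160, "SMB_EXPLOIT", "10.0.0.5", "192.168.1.10", 445),
    Alert(161, "SMB_EXPLOIT", "10.0.0.5", "192.168.1.10", 445),   # duplicate
    Alert(300, "C2_BEACON", "192.168.1.10", "203.0.113.7", 443),
    Alert(5000, "ICMP_PING", "10.0.0.99", "192.168.1.50", 0),     # unmanaged target
]

# Hypothetical hyper-alert model: which attribute names the affected host, what
# predicates the attack requires, and what predicates it establishes.
PRE_POST = {
    "PORTSCAN":    ("dst", set(),               {"ServiceKnown"}),
    "SMB_EXPLOIT": ("dst", {"ServiceKnown"},    {"HostCompromised"}),
    "C2_BEACON":   ("src", {"HostCompromised"}, {"C2Established"}),
    "ICMP_PING":   ("dst", set(),               {"HostAlive"}),
}
MONITORED_HOSTS = {"192.168.1.10", "192.168.1.11"}   # constructed asset inventory


def affected_host(a):
    return getattr(a, PRE_POST[a.sig][0])


def reduce_alerts(alerts, window=5):
    """Stage 1: drop an alert that repeats an earlier identical one within `window` seconds."""
    kept = []
    for a in sorted(alerts, key=lambda x: x.ts):
        if not any((a.sig, a.src, a.dst, a.dport) == (k.sig, k.src, k.dst, k.dport)
                   and a.ts - k.ts <= window for k in kept):
            kept.append(a)
    return kept


def verify_alerts(alerts):
    """Stage 2: keep only alerts whose affected host exists in the asset inventory."""
    return [a for a in alerts if affected_host(a) in MONITORED_HOSTS]


def similarity(a, b, max_gap=120):
    """Weighted attribute similarity in [0, 1]; the weights are constructed."""
    time_part = max(0.0, 1 - abs(a.ts - b.ts) / max_gap)
    return 0.4 * (a.sig == b.sig) + 0.2 * (a.src == b.src) + 0.2 * (a.dst == b.dst) + 0.2 * time_part


def cluster_alerts(alerts, threshold=0.6):
    """Stage 3: single-link clustering; an alert joins the first cluster holding a similar member."""
    clusters = []
    for a in alerts:
        for c in clusters:
            if any(similarity(a, m) >= threshold for m in c):
                c.append(a)
                break
        else:
            clusters.append([a])
    return clusters


def facts(cluster):
    """Instantiate a cluster's prerequisites and consequences on its affected hosts."""
    pre, post = set(), set()
    for a in cluster:
        _, reqs, cons = PRE_POST[a.sig]
        h = affected_host(a)
        pre |= {(p, h) for p in reqs}
        post |= {(c, h) for c in cons}
    return pre, post


def correlate(clusters):
    """Stage 4: edge i -> j when a consequence of i meets a prerequisite of j on the same host and i ends before j starts."""
    info = [(min(a.ts for a in c), max(a.ts for a in c), *facts(c)) for c in clusters]
    return [(i, j) for i, (_, end_i, _, post_i) in enumerate(info)
            for j, (start_j, _, pre_j, _) in enumerate(info)
            if i != j and end_i <= start_j and post_i & pre_j]


def scenarios(clusters, edges):
    """Follow edges from clusters with no predecessor; each chain is returned as a list of signatures."""
    succ, has_pred = defaultdict(list), {j for _, j in edges}
    for i, j in edges:
        succ[i].append(j)
    chains = []
    for root in range(len(clusters)):
        if root in has_pred or root not in succ:
            continue
        chain, cur = [root], root
        while succ.get(cur):
            cur = succ[cur][0]   # follow the first-declared successor only
            chain.append(cur)
        chains.append([clusters[k][0].sig for k in chain])
    return chains


def fuse(alerts=RAW_ALERTS):
    """Run the whole pipeline and return a summary a SOC console could display."""
    reduced = reduce_alerts(alerts)
    verified = verify_alerts(reduced)
    clusters = cluster_alerts(verified)
    edges = correlate(clusters)
    return {"raw": len(alerts), "reduced": len(reduced), "verified": len(verified),
            "clusters": len(clusters), "edges": edges, "scenarios": scenarios(clusters, edges)}


if __name__ == "__main__":
    print(fuse())
```

On the constructed input, seven raw alerts reduce to five, verification drops the ping against an unmanaged host, similarity clustering merges the two scan alerts, and the prerequisite/consequence step links scan, exploit and beacon into one three-stage scenario. The two clustering criteria the abstract mentions are kept separate here on purpose: attribute similarity groups alerts that describe the same activity, while prerequisites and consequences link groups that describe different steps of one intrusion, which attribute similarity alone would leave unrelated.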
Keywords :
correlation methods; fuzzy set theory; pattern clustering; security of data; sensor fusion; alert clustering; alert correlation; alert fusion; alert reduction; alert verification; data security; fuzzy clustering; Computer crime; Computer science; Correlation; Entropy; Fuses; Information analysis; Information technology; Intrusion detection; Proposals; Sensor phenomena and characterization; Alert Fusion; cluster; correlation; network security;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Convergence and Hybrid Information Technology, 2008. ICHIT '08. International Conference on
Conference_Location :
Daejeon
Print_ISBN :
978-0-7695-3328-5
Type :
conf
DOI :
10.1109/ICHIT.2008.197
Filename :
4622819