Title :
An Intrusion Alert Correlation Approach Based on Finite Automata
Author :
Liu, Lei ; Zheng, Kangfeng ; Yang, Yixian
Author_Institution :
Key Lab. Of Network & Inf. Attack, Beijing Univ. Of Posts & Telecommun., Beijing, China
Abstract :
An intrusion alert analysis system correlates alerts generated by one or more IDSs and yields a succinct attack scenario that reflects the intrusion process. This paper presents an intrusion alert analysis model consisting of four modules: alert formalization, alert filtering, alert fusion and correlation, and scenario visualization. Alerts are fused and correlated using an approach based on finite automata. Three kinds of high-level views of attacks are generated, i.e. the process-critical scenario, the attacker-critical scenario, and the victim-critical scenario. Experiments show that the approach can reduce the redundancy of intrusion alerts and correlate them well.
Keywords :
correlation methods; filtering theory; finite automata; security of data; alert filtering; alert formalization; alert fusion; attacker-critical scenario; finite automata; intrusion alert analysis system; intrusion alert correlation; succinct attack scenario; victim-critical scenario; Analytical models; Automata; Correlation; Data mining; Filtering; Laboratories; Training data; IDS; alert correlation; alert fusion; finite automaton;
Conference_Titel :
Communications and Intelligence Information Security (ICCIIS), 2010 International Conference on
Conference_Location :
Nanning
Print_ISBN :
978-1-4244-8649-6
Electronic_ISBN :
978-0-7695-4260-7
DOI :
10.1109/ICCIIS.2010.37