• DocumentCode
    3440835
  • Title
    Critical Episode Mining in Intrusion Detection Alerts
  • Author
    Soleimani, Mahboobeh ; Ghorbani, Ali A.
  • Author_Institution
    Fac. of Comput. Sci., New Brunswick Univ., Fredericton, NB
  • fYear
    2008
  • fDate
    5-8 May 2008
  • Firstpage
    157
  • Lastpage
    164
  • Abstract
    One of the most important steps in attack detection using Intrusion Detection Systems (IDSs) is dealing with the huge number of alerts, which can be either critical single alerts and multi-step attack scenarios or false and non-critical alerts. In this paper we address the problem of managing alerts via multi-layer alert correlation and filtering that can identify critical alerts after each step of correlation and filtering. After applying the approach to the LL DDoS 1.0 data set, we achieved very good results in terms of critical alert detection rate, running time and memory usage. Our method could extract all of the critical and multi-step attacks in the LL DDoS 1.0 data set while reducing the number of alerts by almost 90%.
  • Keywords
    data mining; learning (artificial intelligence); security of data; attack detection; critical episode mining; intrusion detection systems; machine learning; multilayer alert correlation; Intrusion detection; Alert mining; Attack scenario; Critical episode; Episode mining; Multistage attack;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Communication Networks and Services Research Conference, 2008. CNSR 2008. 6th Annual
  • Conference_Location
    Halifax, NS
  • Print_ISBN
    978-0-7695-3135-9
  • Type
    conf
  • DOI
    10.1109/CNSR.2008.62
  • Filename
    4519852