Book chapter
An alerts correlation technology for large-scale network intrusion detection
Jingbo Yuan, Shunli Ding, and one further author
pp. 352-359
TL;DR: An approach to correlating intrusion alerts based on association rule mining is proposed, which can effectively reduce repeated alerts and thereby lower the false alarm rate.

Abstract: Intrusion detection is an important security tool, and intrusion detection systems are becoming ubiquitous defenses in today's networks. However, research has shown that the volume of alerts generated by intrusion detection systems can be overwhelming. Alert aggregation and alert correlation have the potential to reduce alert volume and improve detection performance. In this paper, an approach to correlating intrusion alerts based on association rule mining is proposed, which can effectively reduce repeated alerts and thereby lower the false alarm rate.
Citations
Proceedings article
Know Your Achilles' Heel: Automatic Detection of Network Critical Services
TL;DR: A tool, called Paris, is developed, which receives traffic information from various off-the-shelf network monitoring devices and computes an importance metric for the network's components based on which the administrators can prioritize their defensive and prohibitive actions.
References
Journal article
Mining frequent patterns without candidate generation
Jiawei Han, Jian Pei, Yiwen Yin, and two further authors
TL;DR: This study proposes a novel frequent pattern tree (FP-tree) structure, which is an extended prefix-tree structure for storing compressed, crucial information about frequent patterns, and develops an efficient FP-tree-based mining method, FP-growth, for mining the complete set of frequent patterns by pattern fragment growth.
Proceedings article
Intrusion detection using data mining techniques
TL;DR: This work applies data mining techniques, including classification trees and support vector machines, to intrusion detection; the results indicate that the C4.5 algorithm outperforms SVM in detecting network intrusions and in false alarm rate on the KDD CUP 99 dataset.
Book chapter
A framework for the application of association rule mining in large intrusion detection infrastructures
TL;DR: This work presents a novel approach using association rule mining to shorten the time that elapses from the appearance of a new attack profile in the data to its definition as a rule in the production monitoring infrastructure.
Dissertation
Extending Intrusion Detection with Alert Correlation and Intrusion Tolerance
TL;DR: The value of intrusion alert correlation and intrusion tolerance in different settings is shown.