Book ChapterDOI

An alerts correlation technology for large-scale network intrusion detection

TL;DR: An approach to correlating intrusion alerts based on association rule mining is proposed, which can effectively reduce repeated alerts and thereby lower the false alarm rate.
Abstract
Intrusion detection is an important security tool. Intrusion detection systems are becoming ubiquitous defenses in today's networks. But some research has shown that the volume of alerts generated by intrusion detection systems can be overwhelming. Alert aggregation and alert correlation capabilities have the potential to reduce alert volume and improve detection performance. In this paper, an approach to correlating intrusion alerts based on association rule mining is proposed, which can effectively reduce repeated alerts and thereby lower the false alarm rate.


Citations
Proceedings ArticleDOI

Know Your Achilles' Heel: Automatic Detection of Network Critical Services

TL;DR: A tool, called Paris, is developed, which receives traffic information from various off-the-shelf network monitoring devices and computes an importance metric for the network's components based on which the administrators can prioritize their defensive and prohibitive actions.
References
Journal ArticleDOI

Mining frequent patterns without candidate generation

TL;DR: This study proposes a novel frequent pattern tree (FP-tree) structure, which is an extended prefix-tree structure for storing compressed, crucial information about frequent patterns, and develops an efficient FP-tree-based mining method, FP-growth, for mining the complete set of frequent patterns by pattern fragment growth.
Proceedings ArticleDOI

Intrusion detection using data mining techniques

TL;DR: This work aims to use data mining techniques, including classification trees and support vector machines, for intrusion detection; the results indicate that the C4.5 algorithm outperforms SVM in detecting network intrusions and in false alarm rate on the KDD CUP 99 dataset.
Book ChapterDOI

A framework for the application of association rule mining in large intrusion detection infrastructures

TL;DR: This work presents a novel approach using association rule mining to shorten the time that elapses from the appearance of a new attack profile in the data to its definition as a rule in the production monitoring infrastructure.
Dissertation

Extending Intrusion Detection with Alert Correlation and Intrusion Tolerance

Dan Gorton
TL;DR: The value of intrusion alert correlation and intrusion tolerance in different settings is shown.