Paper Title:
An IDS Alert Aggregation Method Based on Clustering
  Abstract

Aggregating and reducing duplicated alerts is one of the most important tasks in an IDS. This paper proposes an alert aggregation method that clusters similar alerts into a hyper-alert based on alert category and feature similarity. For each feature an appropriate similarity function is defined; the overall similarity is a weighted combination of the per-feature similarities, with the weights given by a specifiable expectation of similarity. Experiments on the DARPA 2000 data set demonstrate the effectiveness of the method.
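The aggregation scheme the abstract sketches, as an added example that is not the paper's code: alerts are compared only within the same category, each feature gets its own similarity function, the per-feature scores are combined with weights that play the role of the "expectation of similarity", and alerts whose overall similarity reaches a threshold are merged into one hyper-alert. The alert fields, the particular similarity functions (address prefix overlap, exact port match, linear time decay over 60 s), the weights, the threshold of 0.8 and the five sample alerts are all assumptions made for this example.

```python
"""Clustering IDS alerts into hyper-alerts by weighted per-feature similarity.

Added illustration, not the paper's implementation. Feature set, similarity
functions, weights, threshold and the sample alerts are assumptions.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Alert:
    category: str   # assumed category labels, e.g. "scan", "exploit"
    src_ip: str
    dst_ip: str
    dst_port: int
    time: float     # seconds (relative timestamp is fine for the example)


def ip_similarity(a: str, b: str) -> float:
    """Fraction of leading address bits shared: 1.0 for the same host,
    31/32 for neighbours in a /31, 0.0 when the first bit already differs."""
    x = int(ipaddress.ip_address(a))
    y = int(ipaddress.ip_address(b))
    diff = x ^ y
    if diff == 0:
        return 1.0
    common_bits = 32 - diff.bit_length()
    return common_bits / 32.0


def port_similarity(a: int, b: int) -> float:
    """Ports are nominal: identical or not."""
    return 1.0 if a == b else 0.0


def time_similarity(a: float, b: float, window: float = 60.0) -> float:
    """Linear decay: 1.0 for identical timestamps, 0.0 beyond `window` seconds."""
    return max(0.0, 1.0 - abs(a - b) / window)


# One similarity function per feature (assumed feature set).
FEATURE_SIMS = {
    "src_ip":   lambda p, q: ip_similarity(p.src_ip, q.src_ip),
    "dst_ip":   lambda p, q: ip_similarity(p.dst_ip, q.dst_ip),
    "dst_port": lambda p, q: port_similarity(p.dst_port, q.dst_port),
    "time":     lambda p, q: time_similarity(p.time, q.time),
}

# "Expectation of similarity": how strongly each feature is expected to agree
# inside one hyper-alert (assumed values; they need not sum to 1).
EXPECTATION: Dict[str, float] = {"src_ip": 0.3, "dst_ip": 0.3,
                                 "dst_port": 0.2, "time": 0.2}


def overall_similarity(p: Alert, q: Alert, weights=EXPECTATION) -> float:
    """Weighted mean of per-feature similarities; 0 across categories."""
    if p.category != q.category:
        return 0.0
    total = sum(weights.values())
    return sum(w * FEATURE_SIMS[f](p, q) for f, w in weights.items()) / total


@dataclass
class HyperAlert:
    category: str
    members: List[Alert] = field(default_factory=list)


def aggregate(alerts: List[Alert], threshold: float = 0.8,
              weights=EXPECTATION) -> List[HyperAlert]:
    """Single-pass clustering: each alert (in time order) joins the most
    similar existing hyper-alert if that similarity reaches the threshold,
    otherwise it opens a new one. Similarity is taken against the
    hyper-alert's most recent member so the time feature stays meaningful."""
    hyper: List[HyperAlert] = []
    for a in sorted(alerts, key=lambda x: x.time):
        best, best_sim = None, 0.0
        for h in hyper:
            sim = overall_similarity(a, h.members[-1], weights)
            if sim > best_sim:
                best, best_sim = h, sim
        if best is not None and best_sim >= threshold:
            best.members.append(a)
        else:
            hyper.append(HyperAlert(a.category, [a]))
    return hyper


# Constructed sample alerts (not real IDS output): a scan repeated against
# two neighbouring hosts, one exploit alert, and a scan from another source.
SAMPLE_ALERTS = [
    Alert("scan",    "10.0.0.5",   "192.168.1.10", 80, 0.0),
    Alert("scan",    "10.0.0.5",   "192.168.1.10", 80, 5.0),
    Alert("scan",    "10.0.0.5",   "192.168.1.11", 80, 10.0),
    Alert("exploit", "10.0.0.5",   "192.168.1.10", 80, 12.0),
    Alert("scan",    "172.16.0.9", "192.168.1.10", 80, 15.0),
]

if __name__ == "__main__":
    for h in aggregate(SAMPLE_ALERTS):
        print(h.category, len(h.members), "alert(s)")
```

With these weights the three scan alerts from 10.0.0.5 collapse into one hyper-alert (their overall similarity is above 0.97), the exploit alert stays separate because category mismatch forces similarity to zero, and the scan from 172.16.0.9 opens its own hyper-alert because the source-address term contributes nothing and the remaining features only reach about 0.67. Five alerts become three; raising the threshold or the source-address weight makes the clustering stricter, lowering them makes it coarser.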

  Info
Periodical
Advanced Materials Research (Volumes 219-220)
Edited by
Helen Zhang, Gang Shen and David Jin
Pages
156-159
DOI
10.4028/www.scientific.net/AMR.219-220.156
Citation
Q. H. Zheng, Y. G. Xuan, W. H. Hu, "An IDS Alert Aggregation Method Based on Clustering", Advanced Materials Research, Vols. 219-220, pp. 156-159, 2011
Online since
March 2011