For Libraries For Publication Open Access Downloads About Us Contact Us
Paper Titles
The Industry Combination Selection Method in Diversified Investment of Power Generation Group
p.135
Research on the IDE of Visual Programming Language
p.140
Study on Incentive Mechanism of Large-Scale Dredging Project Based on Fairness Preference
p.144
Classification with Local Clustering in Imbalanced Data Sets
p.151
An IDS Alert Aggregation Method Based on Clustering
p.156
A New Similarity Measures of Intuitionistic Fuzzy Sets and Application to Pattern Recognitions
p.160
Defaultable Binary Tree Algorithm for Convertible Bond with Finite Maturity
p.165
Image Acquisition for Pressed Protuberant Characters on Metal Label
p.170
The Diversification Performance Evaluation of Listed Electric Power Corporations Based on DEA Model
p.174

An IDS Alert Aggregation Method Based on Clustering

Article Preview

Abstract:

How to aggregate and reduce duplicated alerts is one of the most important tasks in IDSs. This paper proposed an alert aggregation method, which clustering similar alerts into a hyper alert based on category and feature similarity. For each feature we define an appropriate similarity function. The overall similarity is weighted by a specifiable expectation of similarity. Experiments on DARPA2000 data set have demonstrated the effectiveness of this method.

You might also be interested in these eBooks
Advanced Research on Information Science, Automation and Material System View Preview

Info:

Periodical:

Advanced Materials Research (Volumes 219-220)

Pages:

156-159

DOI:

https://doi.org/10.4028/www.scientific.net/AMR.219-220.156

Citation:

Cite this paper

Online since:

March 2011

Authors:

Qiu Hua Zheng, Yi Guang Xuan, Wei Hua Hu

Keywords:

Aggregation, Attack, IDS, Similarity

Export:

RIS, BibTeX

Price:

Permissions CCC:

Request Permissions

Permissions PLS:

Request Permissions

Сopyright:

© 2011 Trans Tech Publications Ltd. All Rights Reserved

Share:

Citation:

References

[1] F. Aurel, F. Cuppens. Using an intrusion detection alert similarity operator to aggregate and fuse alerts. The 4th Conference on Security and Network Architectures, Bat sur Mer, France. Jun, (2005).

Google Scholar

[2] P. Ning, Y. Cui, and D. S. Reeves. Constructing attack scenarios through correlation of intrusion alerts (full version). TR-2002-13, North Carolina State University, (2002).

DOI: 10.1145/586110.586144

Google Scholar

[3] A. Valdes and K. Skinner. Probabilistic Alert Correlation[C]. In Proceedings of RAID 2001, Lecture Notes in Computer Science 2212, Berlin, Springer-Verlag, 54-68.

DOI: 10.1007/3-540-45474-8_4

Google Scholar

[4] A. Valdes and K. Skinner. Blue Sensors, Sensor Correlation, and Alert Fusion, in RAID 2000, Toulouse, France, October (2000).

Google Scholar

[5] MIT Lincoln Lab. 2000 DARPA intrusion detection scenario specific datasets. http://www.ll.mit.edu / IST/ideval/data/2000/2000_data_index.html, (2000).

Google Scholar

© 2025 Trans Tech Publications Ltd. All rights are reserved, including those for text and data mining, AI training, and similar technologies. For open access content, terms of the Creative Commons licensing CC-BY are applied.
Scientific.Net is a registered trademark of Trans Tech Publications Ltd.