A Clustering Data Fusion Method for Intrusion Detection System

Advances in technological systems have several impacts on the security of information systems. Such progress leads to exponential growth in the ability to generate and access information. Therefore, there is a need for data that is both appropriate and specific. To achieve this goal, data fusion approaches are applied to analyze large-scale heterogeneous data in complex systems. Existing data fusion systems generally rely on human experts, but they lack training datasets for the fusion techniques. Thus, a useful autonomous approach should be applied to fuse data automatically and accurately. In this paper, a decision fusion approach based on a clustering technique is proposed. This technique enables the generation of composite attack scenarios by selecting events generated by analyzers while considering their efficiency in detecting attacks, using defined efficiency criteria. The general system architecture is presented to locate the data fusion component within the network. Then, the core functioning and the characteristics of the data fusion component are presented.
