Adaptive Clustering Method for Reclassifying Network Intrusions

The problems of classifying and reporting suspicious security violations often degenerate into other complex problems. Efforts by system administrators to mitigate these flaws by reclassifying intrusion datasets so that realistic attacks can be substantiated are frequently unfruitful when the datasets are swamped with alerts. Also, the urgency with which alerts must be processed has meant that reduction criteria are validated against realistic attacks, which consistently exposes computer resources on the network to further risk. Consequently, computer attacks that were warned about but still succeed are a classical problem in computer security. In this paper we therefore implement a new clustering method to reduce these problems. Our evaluation with synthetic and realistic datasets clustered the alerts of each dataset to obtain a cluster of white-listed alerts. The results obtained indicate how system administrators could apply prompt countermeasures to prevent realistic attacks.
