Intrusion alert correlation based on D-S evidence theory

Proceedings of the Second International Conference on Communications and Networking in China, ChinaCom 2007

Volumn , Issue , 2008, Pages 377-381

  Mei, Haibin ^a   Gong, Jian ^a  

^a SOUTHEAST UNIVERSITY   (China)

Author keywords

Alert correlation; D S evidence theory; Intrsion detection system; Network security

Indexed keywords

ALERT CORRELATION; EVIDENCE THEORY; INTRUSION DETECTION SYSTEMS;

CORRELATION METHODS; DATA TRANSFER; NETWORK MANAGEMENT; NETWORK SECURITY;

INTRUSION DETECTION;

EID: 43949119446     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CHINACOM.2007.4469406     Document Type: Conference Paper

References (20)

1. R. Bace, Intrusion detection. Indianapolis: Macmillan Technology Publishing, 2000.
2. D. E. Denning, "An intrusion detection model," IEEE Transactions on Software Engineering, vol.13, pp. 222-232, 1987.
3. J. Li and Z. Li, "Correlation analysis for distributed intrusion alert," Journal of Computer Research and Development, vol. 41, pp. 1919-1923, 2004.
4. P. Ning, Y. Cui, D. S. Reeves, and D. Xu, "Tools and techniques for analyzing intrusion alerts," ACM Trans. on Info. and System Security, vol. 7, no. 2. pp. 273-318, 2004.
5. P. Ning, D. Xu, C. G. Healey, and R. St. Amant, "Building attack scenarios through integration of complementary alert correlation methods," In the Proc. of the 11th Annual Network and Distributed System Security Symposium. San Diego, pp. 97-111, 2004..
6. P. Ning and D. Xu, "Learning attack strategies from intrusion alerts," In Proc. of the 10th ACM Conference on Computer and Communications Security. Washington D.C., pp. 200-209, 2003.
7. H. Debar and A. Wespi, "Aggregation and correlation of intrusion detection alerts," In Proc. of 4th International Symposium on Recent Advances in Intrusion Detection (RAID). Davis, pp. 85-103, 2001..
8. P. Roberto, G. Giorgio, and R. Fabio, "Alarm clustering for intrusion detection systems in computer networks," Engineering Applications of Artificial Intelligence, vol.19, pp. 429-438, 2006.
9. A. Valdes and K. Skinner, "Probabilistic alert correlation," In Proc. of the 4th International Symposium on Recent Advances in Intrusion Detection (RAID). Davis, pp. 54-68, 2001.
10. K. Julisch, "Clustering intrusion detection alarms to support root cause analysis," ACM Trans. on Information and System Security, vol. 4, no. 6, pp. 443-471, 2003.
11. K. Julisch and M. Dacier, "Mining intrusion detection alarms for actionable knowledge," In Proc. of the 8th International Conference on Knowledge Discovery and Data Mining. New York, pp. 366-375, 2002.
12. K. Julisch, "Mining alarm clusters to improve alarm handling efficiency," In 17th Annual Computer Security Applications Conference. New Orleans, pp. 12-21, 2001.
13. A. Dempster, "Upper and lower probabilities induced by multivalued mapping," Annals of Mathematical Statistics, vol. 38, no. 2, pp. 325-339, 1967.
14. J. Zhuge, D. Wang, Y. Chen, Z. Ye, and W. Zou, "A network anomaly detector based on the D-S evidence theory," Journal of Software, vol. 17, no. 3, pp.463-471, 2006.
15. Y. Kang. Theory and application of data fusion. Xian: Press of Electronic Technology University. 1997.
16. D.Cuiry and Hervé Debar, Intrusion detection message exchange format data model and extensible markup language (xml) document type definition1 IETF. http://www.ietf.org/lid-abstracts.html, 2003.
17. MIT Lincoln Lab, 2000 DARPA intrusion detection scenario specific dataset. http://www.ll.mit.edu/IST/ideval/data/2000/2000_data_index.html, 2003. 07.
18. ISS, Inc.: RealSecure intrusion detection system. http://www.iss.net.
19. M. Roesch, "Snort - lightweight intrusion detection for network," In Proc. of the 13th System Administration Conference, LISA 1999, www.snort.org/docs/lisapaper.txt.
20. J. Gong, H. Mei, Y. Ding, and D. Wei, "A multi-feature correlation redundance elimination of intrusion event," Journal of Southeast University, vol. 35, no. 3, pp. 366-371, 2005.