Using unsupervised learning for network alert correlation

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5032 LNAI, Issue , 2008, Pages 308-319

  Smith, Reuben ^a   Japkowicz, Nathalie ^a   Dondo, Maxwell ^b   Mason, Peter ^b  

^a UNIVERSITY OF OTTAWA   (Canada)

^b DEFENCE RESEARCH AND DEVELOPMENT CANADA   (Canada)

Author keywords

[No Author keywords available]

Indexed keywords

ALGORITHMS; ARTIFICIAL INTELLIGENCE; BIONICS; BOOLEAN FUNCTIONS; COMPUTATIONAL METHODS; COMPUTER CRIME; COMPUTER NETWORKS; CORRELATION METHODS; EVOLUTIONARY ALGORITHMS; INTRUSION DETECTION; LEARNING SYSTEMS; MATHEMATICAL MODELS; METROPOLITAN AREA NETWORKS; NETWORK PROTOCOLS; SCHEDULING ALGORITHMS; SENSORS; SIGNAL DETECTION; STAGES;

ALERT CORRELATIONS; CANADIAN SOCIETY; COMPUTATIONAL STUDIES; E M ALGORITHMS; EXPERIMENTAL RESULTS; FALSE POSITIVE (FP); HEIDELBERG (CO); INTRUSION DETECTION SYSTEMS (IDSS); LOW MAINTENANCE; NOVELTY DETECTION SYSTEM (NDS); POST-PROCESSING; SPRINGER (CO); TWO STAGES; UNSUPERVISED ALGORITHMS; UNSUPERVISED MACHINE LEARNING;

LEARNING ALGORITHMS;

EID: 44649096422     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-68825-9_29     Document Type: Conference Paper

References (16)

1. Northcutt, S., et al.: SHADOW: Second heuristic analysis for defensive online warfare
2. Danyliw, R.: ACID: Analysis console for intrusion detections
3. Haines, J., Ryder, D.K., Tinnel, L., Taylor, S.: Validation of sensor alert correlators. IEEE Security and Privacy, 46-56 (2003)
4. Valdes, A., Skinner, K.: Probabilistic alert correlation. In: Lee, W., Mé, L., Wespi, A. (eds.) RAID 2001. LNCS, vol. 2212, pp. 54-68. Springer, Heidelberg (2001)
5. Hätälä, A., Särs, C., Addams-Moring, R., Virtanen, T.: Event data exchange and intrusion alert correlation in heterogeneous networks. In: Proceedings of the 8th Colloquium for Information Systems Security Education (CISSE), Westpoint, NY, CISSE, June 2004, pp. 84-92 (2004)
6. Smith, R., Japkowicz, N., Dondo, M.: Clustering using an autoassociator: A case study in network event correlation. In: Proceedings of the 17th LASTED International Conference on Parallel and Distributed Computing and Systems, Phoenix, AZ, November 2005, pp. 613-618. ACTA Press (2005)
7. Japkowicz, N., Smith, R.: Autocorrel ii: Unsupervised network event correlation using neural networks. Contractor Report CR 2005-155, DRDC Ottawa, Ottawa, ON (October 2005)
8. Julisch, K., Dacier, M.: Mining intrusion detection alarms for actionable knowledge. In: Proceedings of SIGKDD 2002, the 8th International Conference on Knowledge Discovery and Data Mining, Edmonton, Alberta, Canada, July 2002, pp. 366-375. ACM Press, New York (2002)
9. Dain, O., Cunningham, R.K.: Fusing a heterogeneous alert stream into scenarios. In: Proceedings of the 2001 ACM Workshop on Data Mining for Security Applications, Philadelphia, PA, November 2001, pp. 1-13. ACM Press, New York (2001)
10. Zanero, S., Savaresi, S.M.: Unsupervised learning techniques for an intrusion detection system. In: Proceedings of the 2004 ACM Symposium on Applied Computing, Nicosia, Cyprus, pp. 412-419. ACM, New York (2004)
11. Laskov, P., Dussel, P., Rieck, C.S.: Learning intrusion detection: Supervised or unsupervised? In: Roli, F., Vitulano, S. (eds.) ICIAP 2005. LNCS, vol. 3617, pp. 50-57. Springer, Heidelberg (2005)
12. Dempster, A., Laird, N., Rubin, D.: Maximum likelihood from incoming data via the EM algorithm. J. Royal Stat. Soc., Series B 39(1), 1-36 (1977)
13. Kohonen, T.: Self-Organizing Maps. Springer Series in Information Sciences, vol. 30. Springer, Berlin (1995); (Second Extended Edition 1997)
14. Roesch, M.: Snort - lightweight intrusion detection for networks. In: Proceedings of LISA 1999: 13th Systems Administration Conference, Seattle, Washington, November 7-12, 1999, pp. 229-238. The USENIX Association (1999)
15. Lippmann, R., Haines, J.W., Fried, D.J., Korba. J., Das, K.: The 1999 darpa off-line intrusion detection evaluation. Computer Networks 34(4), 579-595 (2000)
16. Northcutt, S.: Network Intrusion Detection: An Analyst's Handbook. New Riders Publishing, Indianapolis (1999)