2012 International Conference on Communication Systems and Network Technologies 2012
DOI: 10.1109/csnt.2012.212
Alert Correlation Using a Novel Clustering Approach

Cited by 9 publications (5 citation statements). References 30 publications.
“…Most researchers analyze IDS alerts in terms of signs of network flows, such as IP addresses, ports, protocols, and others. Mohamed et al. [19] use the target asset and destination IP address as alert attributes to identify patterns of attacks against specific assets. They combine alert attributes into clusters, and calculate the hash sum of each cluster for later comparison and similarity.…”
Section: A. Similarity-based Methods, 1) Attribute-based Methods (mentioning, confidence: 99%)
“…The authors maintained the AOI techniques, and worked on the over-generalization problem and computational setbacks in Julisch's work through developing a new approximation clustering algorithm while introducing the Nearest Common Ancestor (NCA) concept as a tool to calculate distance and initiate the cluster. Mohamed et al. [15] argue that the data mining approaches applied in the previous work are not suitable because the generalization technique operates on the pure assumption that alerts can be grouped together because they share some common features or belong to the same ancestor. Secondly, the usage of distance measurement not only creates room for error while clustering but also indicates high computational cost, since distance will have to be calculated between every single alert and each existing cluster.…”
Section: A Hierarchical Clustering Algorithm (mentioning, confidence: 99%)
“…The revised taxonomy of alert processing illustrated in [9] indicates that both techniques are being implemented by researchers in the process of developing the ultimate solution. Feature selection is the common entity of data reduction that is used in all research; nonetheless, many others used additional reduction techniques before applying the correlation techniques in their research.…”
Section: Related Work (mentioning, confidence: 99%)
“…Due to the detection mechanism and configuration of the sensors, the number of alerts generated daily is huge; therefore, efforts to find the best processing method are very important as the implementation of IDS grows among practitioners worldwide. In the midst of finding the best method, many ideas and solutions were proposed, which could be grouped into data reduction and correlation techniques; conversely, the studies that generate the best results are the ones that incorporate both techniques in one solution [9]. Managing the alerts generated by the IDS sensors has to be conducted systematically and efficiently; this is to maintain the accuracy of the alerts to be processed.…”
Section: Related Work (mentioning, confidence: 99%)