Alert correlation using artificial immune recognition system

Bateni, Mehdi; Baraani, Ahmad; Ghorbani, Ali A.

doi:10.1504/ijbic.2012.047240

Cited by 8 publications

(4 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The main objective of alerts correlation is to build an automated abstract modeling of alerts by reducing the number of meta alerts generated from alert aggregation process (Fatma at el,2013; Bateni et al, 2012 They use a similarity metric to fuse alerts into meta-alerts to provide a higher-level view of the security state of the system. Alert aggregation and scenario construction are conducted by enhancing or relaxing the similarity requirements in some attribute fields.…”

Section: Alert Correlations Systemsmentioning

confidence: 99%

A Review of Intrusion Alerts Correlation Frameworks

Chahira¹,

Kiruki²,

Kemei³

2016

IJCATR

View full text Add to dashboard Cite

: The advancement of modern computers, networks and internet has led to the widespread adoption and application of Information Communication Technology in modern organizations. As a result, large amount of information is generated, processed and distributed through digital devices. On the other side, digital crimes have increased in number and sophistication and they compromise the organization's critical information infrastructure affecting the confidentiality, integrity and availability of its information resources. In order to detect these malicious activities, organizations deploys multiple Network Intrusion Detection Systems (NIDSs) in their corporate networks. They generate huge amount of low quality alerts and in different formats when an attack has already taken place. Thus Alert and event correlation is required to preprocess, analyze and correlate the alerts produced by one or more network intrusion detection systems and events generated from different systems and security tools to provide a more succinct and high-level view of occurring or attempted intrusions. This work will review current alert correlation systems in terms of approaches and propose design consideration for an efficient alert correlation technique. We conclude by highlighting the opportunity to include attack prediction component in a real time multiple sensors environment.

show abstract

Section: Alert Correlations Systemsmentioning

confidence: 99%

A Review of Intrusion Alerts Correlation Frameworks

Chahira¹,

Kiruki²,

Kemei³

2016

IJCATR

View full text Add to dashboard Cite

show abstract

“…(6) Assigning class number for new feature vector by using memory cells. First, calculating the affinity between memory cell and the feature vector by weighted Euclidean distance, then, using KNN algorithm to assign class number for a new feature vector [9]. (7)The evolution of AIRS.…”

Section: Alarm Correlation Analysis Algorithm Based On Acaa_fiementioning

confidence: 99%

Alarm Correlation Analysis Method Based on Fuzzy Immune Evolution

Wang

Qiu

2014

AMM

View full text Add to dashboard Cite

This paper proposes a correlation analysis method based on fuzzy rules and artificial immune. Firstly, we adopt the alarms selection algorithm based on a sliding time window to improve the efficiency of selected alarm. Secondly, the analysis method based on fuzzy correlation rules is used to associate the known patterns static and rapidly. Then, using a method based on immune evolution to improve and adaptive the antibody so as to achieve the dynamic, intelligent correlation of unknown model. The experimental results in LLDOS1.0 and LLDOS2.0 show that the new method gets better accuracy than typical correlation methods, which can ensure the efficiency of correlation analysis and the adaptability of the correlation method.

show abstract

“…Particle swarm optimization (PSO) algorithm introduced by Hsieh et al in 2008 [ 3 ] can be thought of as a typical swarm whose individual agents are birds and has been widely used in all kinds of combination optimization problems [ 4 – 7 ]. What is more, other algorithms such as ant colony optimization (ACO) [ 8 , 9 ] and artificial immune network (aiNet) [ 10 , 11 ] can also be considered as subfields of swarm intelligence.…”

Section: Introductionmentioning

confidence: 99%

Enhancing Artificial Bee Colony Algorithm with Self-Adaptive Searching Strategy and Artificial Immune Network Operators for Global Optimization

Chen

Xiao

2014

The Scientific World Journal

View full text Add to dashboard Cite

Artificial bee colony (ABC) algorithm, inspired by the intelligent foraging behavior of honey bees, was proposed by Karaboga. It has been shown to be superior to some conventional intelligent algorithms such as genetic algorithm (GA), artificial colony optimization (ACO), and particle swarm optimization (PSO). However, the ABC still has some limitations. For example, ABC can easily get trapped in the local optimum when handing in functions that have a narrow curving valley, a high eccentric ellipse, or complex multimodal functions. As a result, we proposed an enhanced ABC algorithm called EABC by introducing self-adaptive searching strategy and artificial immune network operators to improve the exploitation and exploration. The simulation results tested on a suite of unimodal or multimodal benchmark functions illustrate that the EABC algorithm outperforms ACO, PSO, and the basic ABC in most of the experiments.

show abstract

Alert correlation using artificial immune recognition system

Cited by 8 publications

References 25 publications

A Review of Intrusion Alerts Correlation Frameworks

A Review of Intrusion Alerts Correlation Frameworks

Alarm Correlation Analysis Method Based on Fuzzy Immune Evolution

Enhancing Artificial Bee Colony Algorithm with Self-Adaptive Searching Strategy and Artificial Immune Network Operators for Global Optimization

Contact Info

Product

Resources

About