An alert fusion model inspired by artificial immune system

Mahboubian, Mohammad; Udzir, Nur Izura; Subramaniam, Shamala; Hamid, Nor Asilah Wati Abdul

doi:10.1109/cybersec.2012.6246083

Cited by 4 publications

(4 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is based on the difference between healthy and stressed/injured cells. It assumes that cells do not release alarm signals when they die by normally planned processes (known as apoptosis), while cells release alarm signals when they are stressed, injured, or die abnormally (necrosis) [38].…”

Section: A) Genetic Algorithm (Ga)mentioning

confidence: 99%

A taxonomy on intrusion alert aggregation techniques

Ahmed

Siraj

Zainal

et al. 2014

2014 International Symposium on Biometrics and Security Technologies (ISBAST)

View full text Add to dashboard Cite

As security threats advance in a drastic way, most of the organizations apply various intrusion detection systems (IDSs) to optimize detection and to provide comprehensive view of intrusion activities. But IDS produces huge number of duplicated alerts information that overwhelm security operator. Alert aggregation addresses this issue by reducing, fusing and clustering the alerts. Techniques from a different scope of disciplines have been proposed by researchers for different aspects of aggregation. In this paper we present a comprehensive review on proposed alert aggregation techniques. Our main contribution is to classify the literature based on the techniques applied to aggregate the alerts.

show abstract

Section: A) Genetic Algorithm (Ga)mentioning

confidence: 99%

A taxonomy on intrusion alert aggregation techniques

Ahmed

Siraj

Zainal

et al. 2014

2014 International Symposium on Biometrics and Security Technologies (ISBAST)

View full text Add to dashboard Cite

show abstract

“…By calculating the similarities of two pairs of alerts, a score of correlation between these alerts can be determined and the process to group the alerts into different clusters will be based on this score. This method is simple and easy to implement, but failed in detecting complex attacks due to its reliance only on expert knowledge to determine the similarity degree between attack classes [19,20]. In addition, it fails to discover the causal connection between alerts when alerts with different attributes have been induced in a single attack.…”

Section: A Similarities Of Alert Attributesmentioning

confidence: 99%

“…In this case, the repeated comparisons between alerts will lead to a very huge computational overload especially in large-scale networks. Besides this, this approach requires a lengthy initial period of training [19]. Table I shows some current related works of alert correlation with their approach.…”

Section: Expert System and Data Miningmentioning

confidence: 99%

“…Table I shows some current related works of alert correlation with their approach. √ Zeinab Zali et al [13] √ Fatemeh Kavousi et al [29] √ Mohammad Mahboubian et al [19] √ √ Fatemeh Amiri et al [30] √ Ali Ebrahimi et al [12] √ Micro Marchetti et al [31] √ √ Ayman E.Taha et al [10] √ √ Karim Tabia et al [32] √ √ Li Yang et al [33] √ √ √ Donghai Tian et al [11] √ √ Chenn-Jung Huang et al [34] √ √ Seyed Hossein Ahmadinejad et al [35] √ V. CONCLUSION…”

Section: Expert System and Data Miningmentioning

confidence: 99%

See 1 more Smart Citation

A Comparative Study of Alert Correlations for Intrusion Detection

Leau

Ramadass

Manickam

et al. 2013

2013 International Conference on Advanced Computer Science Applications and Technologies

View full text Add to dashboard Cite

The prevalent use of computer applications and communication technologies has rising the numbers of network intrusion attempts. These malicious attempts including hacking, botnets and works are pushing organization networks to a risky atmosphere where the intruder tries to compromise the confidentiality, integrity and availability of resources. In order to detect these malicious activities, Intrusion Detection Systems (IDSs) have been widely deployed in corporate networks. IDSs play an important role in monitoring traffic behaviors in a computer network, identifying the anomalous activity and notifying the security analyst with current network status. Unfortunately, one of the IDSs' drawbacks is they produce a large number of false positives and nonrelevant positives alerts that could overwhelm the security analyst. Therefore, the process of analyzing alerts in order to provide a more synthetic and high-level view of the attempted intrusions is needed. This process is called Alert Correlation. In this paper, we present commonly used alert correlation approaches and highlight their advantages and disadvantages from various perspectives. Subsequently, we summarize some current alert correlation models with their alert correlation approach.

show abstract

Study of Threat Scenario Reconstruction based on Multiple Correlation

Yuan

Qin

et al. 2017

J. Phys.: Conf. Ser.

View full text Add to dashboard Cite

An alert fusion model inspired by artificial immune system

Cited by 4 publications

References 19 publications

A taxonomy on intrusion alert aggregation techniques

A taxonomy on intrusion alert aggregation techniques

A Comparative Study of Alert Correlations for Intrusion Detection

Study of Threat Scenario Reconstruction based on Multiple Correlation

Contact Info

Product

Resources

About