Intrusion Detection Based on Self-Organizing Map and Artificial Immunisation Algorithm

Chen, Zhen Guo; Zhang, Guang Hua; Tian, Li; Geng, Zi Lin

doi:10.4028/www.scientific.net/kem.439-440.29

Cited by 2 publications

(2 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several papers propose clustering algorithms, support vector machines [6] and neural networks as the main detection engine for the implementation of anomaly-based network intrusion detection systems. In particular, the use of Self-Organizing Maps (SOM) for the implementation of an anomaly-based IDS was proposed in [13], [8] and [1]. Unlike previous literature mainly oriented to anomaly detection, in this paper we propose SOM and clustering algorithms for the postprocessing of security alerts generated by a signature-based NIDS.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Multistep Attack Detection and Alert Correlation in Intrusion Detection Systems

Manganiello

Marchetti

Colajanni

2011

Communications in Computer and Information Science

View full text Add to dashboard Cite

Abstract. A growing trend in the cybersecurity landscape is represented by multistep attacks that involve multiple correlated intrusion activities to reach the intended target. The duty of reconstructing complete attack scenarios is left to system administrators because current Network Intrusion Detection Systems (NIDS) are still oriented to generate alerts related to single attacks, with no or minimal correlation. We propose a novel approach for the automatic analysis of multiple security alerts generated by state-of-the-art signature-based NIDS. Our proposal is able to group security alerts that are likely to belong to the same attack scenario, and to identify correlations and causal relationships among them. This goal is achieved by combining alert classification through Self Organizing Maps and unsupervised clustering algorithms. The efficacy of the proposal is demonstrated through a prototype tested against network traffic traces containing multistep attacks.

show abstract

Section: Related Workmentioning

confidence: 99%

“…The correlation value between two alerts is always normalized in [0,1]. This definition of correlation is commutative, and it does not express any causality correlation.…”

Section: Correlation Indexmentioning

confidence: 99%

Multistep Attack Detection and Alert Correlation in Intrusion Detection Systems

Manganiello

Marchetti

Colajanni

2011

Communications in Computer and Information Science

View full text Add to dashboard Cite

show abstract

A Danger Theory Inspired Security Evaluation Paradigm for Computer Network

Sun

2011

AMR

View full text Add to dashboard Cite

Inspired by the potential interesting ideas of the danger theory, a novel security evaluation paradigm for network security, it is called DTPSE, is proposed in this paper. Within DTPSE, computer network attacks are regarded as bacterium, which are dangerous, and induce danger signals through simulating cells undergoing injury, or stress or 'bad cell death'; the network evaluation centre can dynamically aware the security risk by fusion the danger signals received from host-based sensors. Theoretical analysis shows that the proposed paradigm is feasible. Thus, it provides a novel solution to information security risk assessment.

show abstract

Intrusion Detection Based on Self-Organizing Map and Artificial Immunisation Algorithm

Cited by 2 publications

References 9 publications

Multistep Attack Detection and Alert Correlation in Intrusion Detection Systems

Multistep Attack Detection and Alert Correlation in Intrusion Detection Systems

A Danger Theory Inspired Security Evaluation Paradigm for Computer Network

Contact Info

Product

Resources

About