Mining security events in a distributed agent society

Dasgupta, Dipankar; Rodríguez, J. M. Martínez; Balachandran, Sankalp

doi:10.1117/12.661003

Cited by 4 publications

(3 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Time window size and support values are discussed and the approaches are evaluated using DARPA 1998 dataset. Dasgupta et al [4] used frequent episode mining to analyze security alerts from DARPA 2000 dataset. Some limitations, e.g., minimal confidence and maximal episode length, are mentioned, but the data mining component is otherwise described very briefly as a part of a larger system.…”

Section: Alert Correlationmentioning

confidence: 99%

See 1 more Smart Citation

On the Sequential Pattern and Rule Mining in the Analysis of Cyber Security Alerts

Husák

Kašpar

Bou‐Harb

et al. 2017

Proceedings of the 12th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Data mining is well-known for its ability to extract concealed and indistinct patterns in the data, which is a common task in the field of cyber security. However, data mining is not always used to its full potential among cyber security community. In this paper, we discuss usability of sequential pattern and rule mining, a subset of data mining methods, in an analysis of cyber security alerts. First, we survey the use case of data mining, namely alert correlation and attack prediction. Subsequently, we evaluate sequential pattern and rule mining methods to find the one that is both fast and provides valuable results while dealing with the peculiarities of security alerts. An experiment was performed using the dataset of real alerts from an alert sharing platform. Finally, we present lessons learned from the experiment and a comparison of the selected methods based on their performance and soundness of the results.

show abstract

Section: Alert Correlationmentioning

confidence: 99%

“…In total, we got 16 million security alerts. The alerts are formatted in IDEA 4 , an extensible data exchange format inspired by IDMEF and suited for the needs of SABU platform. Each alert contains at least a timestamp and a category of a reported event.…”

Section: Datasetmentioning

confidence: 99%

On the Sequential Pattern and Rule Mining in the Analysis of Cyber Security Alerts

Husák

Kašpar

Bou‐Harb

et al. 2017

Proceedings of the 12th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

show abstract

“…Therefore, based on the SoftMan theory, we have constructed a cooperation control model for intrusion detection system based on multi-SoftMan alliance (MSMIDS) [7]. This system model is adopted distributed architecture [8,9] 2) Data collection SoftMan (DCSM) is a special SoftMan for collection data. DCSM may be located in a detected Host or Server.…”

Section: B the Architecture Of Softmanmentioning

confidence: 99%

Cooperation modeling for intrusion detection system based on Multi-SoftMan

Zheng

2009

2009 3rd International Conference on Anti-Counterfeiting, Security, and Identification in Communication

View full text Add to dashboard Cite

At present, most of the intrusion detection systems (IDS) don't have enough flexibility, intelligentization and maintainability in actual application. Through studying and analyzing the intelligence recognition characteristics of "SoftMan" (SM), a novel cooperation model for intrusion detection system based on Multi-SoftMan alliance (MSMIDS) is proposed to solve these problems. This paper discusses the concepts and various intelligence recognition characteristics in which SoftMan could be applied to the problem of detecting and responding to intrusions. At the same time, the paper visualizes the architecture and system behaviors of the Multi-SoftMan intrusion detection system. Relevant negotiation control process and cooperation control strategy are presented respectively. The experimental results show that MSMIDS is a more adaptive and efficient system. The purpose of the MSMIDS is to bring intelligent negotiation mechanism based on Multi-SoftMan alliance into cooperation system so as to improve the performance and cooperation control capability of the systems. In this way, the system will match the requests. MSMIDS also provides a novel way for implementation of network security system.

show abstract

A Novel Network Security Defence Mechanism Based on Multi-SoftMan

Zheng

2008

2008 ISECS International Colloquium on Computing, Communication, Control, and Management

View full text Add to dashboard Cite

Mining security events in a distributed agent society

Cited by 4 publications

References 9 publications

On the Sequential Pattern and Rule Mining in the Analysis of Cyber Security Alerts

On the Sequential Pattern and Rule Mining in the Analysis of Cyber Security Alerts

Cooperation modeling for intrusion detection system based on Multi-SoftMan

A Novel Network Security Defence Mechanism Based on Multi-SoftMan

Contact Info

Product

Resources

About