3rd International eConference on Computer and Knowledge Engineering , 2013-10-31

Title: A New Alert Correlation Framework Based on Entropy

Authors: Mohammad GhasemiGol, Abbas Ghaemi Bafghi


Abstract

With the development of computer networks, security devices produce a large volume of low-level alerts. Analysis and management of these intrusion alerts is a troublesome and time-consuming task for network supervisors and intrusion response systems. Alert correlation methods find similarity and causality relationships between raw alerts to reduce alert redundancy, intelligently correlate security alerts and detect attack strategies. Several different approaches to alert correlation have been proposed, which are designed for detecting known attack scenarios. This paper presents a new alert correlation framework that does not use predefined knowledge. For this purpose, we define the concept of partial entropy for each alert to find the alert clusters with the same information. Then we represent the alert clusters by an intelligible notation called a hyper-alert. Finally, a subset of hyper-alerts is selected based on entropy maximization. The results of the experiments clearly show the efficiency of the proposed framework. We achieved a promising reduction ratio of 99.83% in the LLS_DDOS_1.0 attack scenario of the DARPA2000 dataset, while the constructed hyper-alerts have enough information to discover the attack scenario.
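Added example (not the authors' code): the aggregation step the abstract describes, collapsing redundant low-level alerts into hyper-alerts and measuring the reduction ratio, worked through on constructed NIDS alerts in Python. The paper's partial-entropy definition and its hierarchical clustering are not reproduced here; the per-alert self-information score used as a stand-in, the cluster key (src, dst, sig) and the sample alerts are assumptions made for this illustration.

```python
"""Entropy-scored alert aggregation on constructed IDS alerts.

Added illustration, not the paper's code. `alert_information` is a simple
self-information score standing in for the paper's 'partial entropy', whose
exact definition is not given on this page.
"""
from collections import Counter, defaultdict
from math import log2

# Constructed sample alerts (not the DARPA 2000 data): one host sweeping
# ports on a target, then hammering port 80, plus three unrelated alerts.
ALERTS = (
    [{"src": "10.0.0.5", "dst": "192.168.1.10", "dport": p, "sig": "SCAN probe", "t": 100 + i}
     for i, p in enumerate([22, 23, 25, 80, 110, 143, 443, 3306])]
    + [{"src": "10.0.0.5", "dst": "192.168.1.10", "dport": 80, "sig": "SCAN probe", "t": 200 + i}
       for i in range(12)]
    + [{"src": "172.16.4.9", "dst": "192.168.1.20", "dport": 445, "sig": "SMB exploit attempt", "t": 300},
       {"src": "172.16.4.9", "dst": "192.168.1.20", "dport": 445, "sig": "SMB exploit attempt", "t": 301},
       {"src": "203.0.113.7", "dst": "192.168.1.30", "dport": 53, "sig": "DNS anomaly", "t": 400}]
)
# Attributes that define a hyper-alert (assumption for this example); dport is
# deliberately left out so a port sweep collapses into one cluster that records
# the set of ports hit instead of producing one cluster per port.
CLUSTER_KEY = ("src", "dst", "sig")


def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    counts = Counter(values)
    n = len(values)
    return -sum(c / n * log2(c / n) for c in counts.values())


def attribute_entropies(alerts, fields=("src", "dst", "dport", "sig")):
    """Entropy of each attribute over the alert set: high means the attribute
    varies a lot (e.g. dport during a sweep), near zero means it is redundant."""
    return {f: shannon_entropy([a[f] for a in alerts]) for f in fields}


def alert_information(alerts, fields=CLUSTER_KEY):
    """Self-information of each alert: sum over `fields` of -log2 P(value).
    Alerts built from common attribute values (the sweep) score low; a one-off
    alert with a unique source and signature scores high."""
    n = len(alerts)
    freq = {f: Counter(a[f] for a in alerts) for f in fields}
    return [sum(-log2(freq[f][a[f]] / n) for f in fields) for a in alerts]


def build_hyper_alerts(alerts, fields=CLUSTER_KEY):
    """Collapse alerts sharing `fields` into hyper-alerts that keep the member
    count, time span, ports touched and mean per-alert information."""
    info = alert_information(alerts, fields)
    groups = defaultdict(list)
    for alert, score in zip(alerts, info):
        groups[tuple(alert[f] for f in fields)].append((alert, score))
    hyper = []
    for key, members in groups.items():
        hyper.append({
            **dict(zip(fields, key)),
            "count": len(members),
            "ports": sorted({a["dport"] for a, _ in members}),
            "t_first": min(a["t"] for a, _ in members),
            "t_last": max(a["t"] for a, _ in members),
            "mean_info": sum(s for _, s in members) / len(members),
        })
    # Most informative (rarest) hyper-alerts first, so an analyst reads them before the noise.
    return sorted(hyper, key=lambda h: h["mean_info"], reverse=True)


def reduction_ratio(n_raw, n_hyper):
    """Fraction of raw alerts the analyst no longer has to read individually."""
    return 1 - n_hyper / n_raw


if __name__ == "__main__":
    hyper = build_hyper_alerts(ALERTS)
    print("attribute entropies:", attribute_entropies(ALERTS))
    for h in hyper:
        print(h)
    print(f"{len(ALERTS)} raw alerts -> {len(hyper)} hyper-alerts, "
          f"reduction {reduction_ratio(len(ALERTS), len(hyper)):.2%}")
```

On this constructed input the 23 raw alerts collapse into 3 hyper-alerts (a reduction of about 87%), the single DNS anomaly ranks above the 20-alert sweep because its attribute values are rare, and the sweep's hyper-alert still records every port probed and the time window, which is the information an analyst needs to recognise the scan. The 99.83% figure in the abstract comes from the paper's own method on DARPA2000 and is not reproduced by this simplified scheme.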

Keywords

intrusion detection; alert correlation; entropy; hierarchical clustering method

@inproceedings{paperid:1040055,
author = {GhasemiGol, Mohammad and Ghaemi Bafghi, Abbas},
title = {A New Alert Correlation Framework Based on Entropy},
booktitle = {3rd International eConference on Computer and Knowledge Engineering},
year = {2013},
location = {Mashhad, IRAN},
keywords = {intrusion detection; alert correlation; entropy; hierarchical clustering method},
}


%0 Conference Proceedings
%T A New Alert Correlation Framework Based on Entropy
%A GhasemiGol, Mohammad
%A Ghaemi Bafghi, Abbas
%J 3rd International eConference on Computer and Knowledge Engineering
%D 2013
