Universiti Teknologi Malaysia Institutional Repository

Alert processing method with data reduction and correlation technique

Mohamed, Ashara Banu and Idris, Norbik Bashah and Shanmugum, Bharanidharan (2014) Alert processing method with data reduction and correlation technique. Recent Trends in Social and Behaviour Sciences - Proceedings of the 2nd International Congress on Interdisciplinary Behavior and Social Sciences 2013, ICIBSoS 2013. pp. 183-189.

Full text not available from this repository.

Official URL: https://www.taylorfrancis.com

Abstract

The most glaring and undeniable implementation issue since the very beginning of IDS technology is the huge number of alerts that has to be processed immediately on a daily basis. This has been reported time and again by practitioners and researchers alike. Hence, for an IDS to be successful, these implementation issues have to be resolved in the most effective and efficient manner. Previous research shows that it is insufficient to focus only on reducing the number of alerts; establishing relationships between the incoming alerts is equally important when analyzing the attacks. Therefore, to produce the best result in managing the huge volume of alerts, both techniques, data reduction and correlation, have to be applied concurrently. In this research, we propose a framework that incorporates both data reduction and alert correlation techniques. The proposed algorithm was tested using a global dataset, DARPA. Through the novel clustering method design, we managed to reduce the number of alerts by 90.25%. We have also introduced a method of calculating the vulnerability level of each cluster generated. Finally, using a pattern recognition technique, the proposed algorithm creates attack scenarios together with a method of calculating the probability of a successful attack, for further assessment by security experts.

Item Type: Article
Uncontrolled Keywords: artificial immune system (AIS), correlation, IDS, pattern recognition
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Advanced Informatics School
ID Code: 51744
Deposited By: Siti Nor Hashidah Zakaria
Deposited On: 01 Feb 2016 03:53
Last Modified: 21 Oct 2018 04:33