International Journal of Computer Trends and Technology

Research Article | Open Access

Volume 4 | Issue 7 | Year 2013 | Article Id. IJCTT-V4I7P128 | DOI : https://doi.org/10.14445/22312803/IJCTT-V4I7P128

Dynamic Intrusion alerts generation and Aggregation using Intelligent IDS


Mrs.Sudha Singaraju, G.Srikanth

Citation:

Mrs.Sudha Singaraju, G.Srikanth, "Dynamic Intrusion alerts generation and Aggregation using Intelligent IDS," International Journal of Computer Trends and Technology (IJCTT), vol. 4, no. 7, pp. 2131-2134, 2013. Crossref, https://doi.org/10.14445/22312803/IJCTT-V4I7P128

Abstract

Alert aggregation is an essential subtask of intrusion detection. Protecting data on the internet carries great risk, since intruders and hackers are always ready to grab it. Intrusion detection systems have been introduced to identify unauthorized users and to cluster the different alerts produced by low-level intrusion detection systems and firewalls. Meta-alerts generated for these clusters preserve the relevant information while reducing the amount of data substantially; each cluster contains the alerts belonging to a specific attack instance initiated by an attacker at a certain point in time. The meta-alerts may be the basis for reporting to security experts or for communication within a distributed intrusion detection system. In this paper, we propose a novel technique for online alert aggregation which is based on a dynamic, probabilistic model of the current attack situation. Its parameter estimation can be regarded as a data stream version of a maximum likelihood approach. Meta-alerts are generated with a delay of typically only a few seconds after the first alerts belonging to a new attack instance are observed. Experiments with three benchmark data sets demonstrate that substantial reduction rates can be achieved while the number of missing meta-alerts is extremely low.
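To make the aggregation task concrete, the following is an added illustration and not the paper's model: a simple online aggregator that groups a constructed alert stream into meta-alerts by source and signature, splitting clusters on a silence gap, and then reports the three quantities the abstract evaluates (reduction rate, attack instances left without a meta-alert, and reporting delay). The gap heuristic and the minimum-count reporting rule are assumptions standing in for the paper's probabilistic model; all IPs, signature names and instance ids are constructed.

```python
from dataclasses import dataclass, field

# Constructed alert stream: (timestamp_s, source_ip, signature, attack_instance_id).
# attack_instance_id is ground truth used only for evaluation, not by the aggregator.
SAMPLE_ALERTS = [
    (0.0, "10.0.0.5", "portscan", "A1"),
    (0.4, "10.0.0.5", "portscan", "A1"),
    (1.1, "10.0.0.5", "portscan", "A1"),
    (2.0, "10.0.0.9", "ssh-bruteforce", "A2"),
    (2.5, "10.0.0.9", "ssh-bruteforce", "A2"),
    (3.0, "10.0.0.5", "portscan", "A1"),
    (40.0, "10.0.0.5", "portscan", "A3"),  # same source/signature much later: new instance
    (41.0, "10.0.0.5", "portscan", "A3"),
]

@dataclass
class MetaAlert:
    key: tuple                 # (source_ip, signature) the cluster is keyed on
    first_ts: float
    last_ts: float
    count: int = 1
    reported_at: float = None  # time the meta-alert was emitted to the analyst
    instances: set = field(default_factory=set)

class OnlineAggregator:
    """Assigns each incoming alert to an open meta-alert or opens a new one (assumed heuristic)."""
    def __init__(self, gap_s=10.0, min_count=2):
        self.gap_s, self.min_count = gap_s, min_count
        self.open, self.closed = {}, []

    def process(self, ts, src, sig, instance=None):
        key, ma = (src, sig), self.open.get((src, sig))
        if ma is not None and ts - ma.last_ts > self.gap_s:   # silence gap: treat as new instance
            self.closed.append(self.open.pop(key)); ma = None
        if ma is None:
            ma = self.open[key] = MetaAlert(key, ts, ts)
        else:
            ma.count, ma.last_ts = ma.count + 1, ts
        if ma.count >= self.min_count and ma.reported_at is None:
            ma.reported_at = ts                                 # emit after a few alerts, not after the attack ends
        if instance: ma.instances.add(instance)
        return ma

    def flush(self):
        self.closed.extend(self.open.values()); self.open.clear()
        return self.closed

def evaluate(alerts, gap_s=10.0):
    """Returns (meta-alert count, reduction rate, instances with no meta-alert, max reporting delay)."""
    agg = OnlineAggregator(gap_s)
    for a in alerts: agg.process(*a)
    metas = agg.flush()
    covered = set().union(*(m.instances for m in metas if m.reported_at is not None))
    missing = {a[3] for a in alerts} - covered
    delays = [m.reported_at - m.first_ts for m in metas if m.reported_at is not None]
    return len(metas), 1 - len(metas) / len(alerts), len(missing), max(delays)
```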

Keywords

Intrusion Detection System, Alert Aggregation, different layers, Meta alerts.
