An Alert Correlation Method Based on Improved Cluster Algorithm


Detailed description

Bibliographic details
Main authors: Xi Peng, Yugang Zhang, Shisong Xiao, Zheng Wu, JianQun Cui, Limiao Chen, Debao Xiao
Format: Conference proceeding
Language: eng
container_start_page 342
container_end_page 347
container_volume 1
creator Xi Peng
Yugang Zhang
Shisong Xiao
Zheng Wu
JianQun Cui
Limiao Chen
Debao Xiao
description In the past several years, alert correlation methods have been advocated to discover high-level attack scenarios by correlating low-level alerts. The causal correlation method based on prerequisites and consequences has great advantages in the process of correlating alerts, but it must depend on a complicated background knowledge base and has some limits in discovering new attacks. Clustering can aggregate related alerts by computing the similarity between alert attributes, and can also discover new and simple high-level attacks. However, it is difficult to establish the attribute weights in the similarity membership function of two alerts and the threshold of the classification similarity value. To solve this problem, the quantum-behaved particle swarm optimization algorithm is used to optimize the weights and the similarity value. In view of the advantages and disadvantages of clustering and correlation, this paper uses an improved cluster algorithm to optimize correlation in the process of attack detection. The experimental results on LLS DDoS1.0 prove that the proposed method is useful and effective.
doi_str_mv 10.1109/PACIIA.2008.285
format Conference Proceeding
identifier ISBN: 0769534902
ispartof 2008 IEEE Pacific-Asia Workshop on Computational Intelligence and Industrial Application, 2008, Vol.1, p.342-347
language eng
recordid cdi_ieee_primary_4756579
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Alert
Application software
Cluster
Clustering algorithms
Collaboration
Computational intelligence
Computer industry
Computer science
Conferences
Correlation
Intrusion detection
Particle swarm optimization
QPSO