NETWORK ALERT CORRELATION USING OUTLIER DETECTION METHODS


Syarif, Iwan (2010) NETWORK ALERT CORRELATION USING OUTLIER DETECTION METHODS. (Submitted)


Description/Abstract

The use of an Intrusion Detection System (IDS) as a security perimeter tool has many advantages but also creates another difficult problem. Most IDSs focus on low-level attacks and generate a very large number of alerts which are difficult for humans to understand. Handling the intrusion alerts generated by various IDSs is now a new research field, as more sensors with different capabilities are distributed throughout the networks being protected. A "Network Alert Correlation System" addresses this issue by reducing the number of false alarms, finding the root causes and then correlating the alerts to find the high-level attack scenario. Most current approaches have a number of limitations. Firstly, they usually need a lot of labelled training data to build the alert classifiers; however, such data is often difficult to obtain. Secondly, most of these models are off-line, which delays the reaction to attacks. Thirdly, most of them are unable to adapt to new configurations. In this research I propose a network alert correlation system which is able to handle some of the above limitations. My proposed method is based on a data mining technique called outlier detection.

Item Type: Monograph (Technical Report)
Divisions: Faculty of Physical Sciences and Engineering > Electronics and Computer Science > Web & Internet Science
ePrint ID: 271404
Date Deposited: 14 Jul 2010 15:09
Last Modified: 27 Mar 2014 20:16
Further Information: Google Scholar
URI: http://eprints.soton.ac.uk/id/eprint/271404
