NETWORK ALERT CORRELATION USING OUTLIER DETECTION METHODS


Syarif, Iwan (2010) NETWORK ALERT CORRELATION USING OUTLIER DETECTION METHODS. (Submitted)

PDF (PhD Progress Report), 219Kb. Restricted to registered users only.

Description/Abstract

The use of an Intrusion Detection System (IDS) as a security perimeter tool has many advantages but also creates another difficult problem. Most IDSs focus on low-level attacks and generate a very large number of alerts which are difficult for humans to understand. Handling the intrusion alerts generated by various IDSs is now a new research field, as more sensors with different capabilities are distributed throughout the networks being protected. A "Network Alert Correlation System" addresses this issue by reducing the number of false alarms, finding the root causes and then correlating the alerts to find the high-level attack scenario. Most current approaches have a number of limitations. Firstly, they usually need a lot of labelled training data to build the alert classifiers; however, such data is often difficult to obtain. Secondly, most of these models are off-line, which delays the reaction to attacks. Thirdly, most of them are unable to adapt to new configurations. In this research I propose a network alert correlation system which is able to handle some of the above limitations. My proposed method is based on a data mining technique called outlier detection.

Item Type: Monograph (Technical Report)
Divisions: Faculty of Physical Sciences and Engineering > Electronics and Computer Science > Web & Internet Science
ePrint ID: 271404
Date Deposited: 14 Jul 2010 15:09
Last Modified: 27 Mar 2014 20:16
URI: http://eprints.soton.ac.uk/id/eprint/271404
