Correlating Alerts with a Data Mining Based Approach

Hong Kong, China March 29-April 01

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/EEE.2005.56

2005 IEEE International Conference on ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Guang Xiang Articles by Xiaomei Dong Articles by Ge Yu

	ASCII Text	x
	Guang Xiang, Xiaomei Dong, Ge Yu, "Correlating Alerts with a Data Mining Based Approach," e-Technology, e-Commerce, and e-Services, IEEE International Conference on, pp. 341-346, 2005 IEEE International Conference on e-Technology, e-Commerce and e-Service (EEE'05), 2005.

	BibTex	x
	@article{ 10.1109/EEE.2005.56, author = {Guang Xiang and Xiaomei Dong and Ge Yu}, title = {Correlating Alerts with a Data Mining Based Approach}, journal ={e-Technology, e-Commerce, and e-Services, IEEE International Conference on}, volume = {0}, year = {2005}, isbn = {0-7695-2274-2}, pages = {341-346}, doi = {http://doi.ieeecomputersociety.org/10.1109/EEE.2005.56}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - e-Technology, e-Commerce, and e-Services, IEEE International Conference on TI - Correlating Alerts with a Data Mining Based Approach SN - 0-7695-2274-2 SP341 EP346 A1 - Guang Xiang, A1 - Xiaomei Dong, A1 - Ge Yu, PY - 2005 KW - null VL - 0 JA - e-Technology, e-Commerce, and e-Services, IEEE International Conference on ER -

Guang Xiang, Northeastern University, China

Xiaomei Dong, Northeastern University, China

Ge Yu, Northeastern University, China

In monitoring anomalous network activities, intrusion detection systems tend to generate a large amount of alerts, which greatly increase the workload of post-detection analysis and decision-making. In this paper, we propose a correlation approach based on sequential pattern mining techniques to fuse related alerts for the Distributed Denial of Service (DDoS) attacks. By mining the alert sequences and iteratively consolidating the matching sequential alert patterns, our approach is able to greatly reduce the related alerts and identify their DDoS membership. The alert reduction and fusing mechanism allow us to concentrate on a higher level of abstraction and thus save much extra efforts spent on analyzing a big volume of trivial raw alerts. Experimental comparisons of our method with hidden Markov model (HMM), a powerful stochastic process for sequence analysis, show that our algorithm is slightly better than HMM in terms of DDoS alert sequence identification.

Citation:

Guang Xiang, Xiaomei Dong, Ge Yu, "Correlating Alerts with a Data Mining Based Approach," eee, pp.341-346, 2005 IEEE International Conference on e-Technology, e-Commerce and e-Service (EEE'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.