Title: Correlating Alerts with a Data Mining Based Approach
Abstract
Intrusion detection systems that monitor anomalous network activity tend to generate a large volume of alerts, which greatly increases the workload of post-detection analysis and decision-making. In this paper we propose a correlation approach based on sequential pattern mining techniques to fuse related alerts for Distributed Denial of Service (DDoS) attacks. By mining the alert sequences and iteratively consolidating the alerts that match the mined sequential patterns, our approach greatly reduces the number of related alerts and identifies their DDoS membership. The alert reduction and fusion mechanism lets us work at a higher level of abstraction and thus saves much of the effort otherwise spent analyzing a large volume of trivial raw alerts. An experimental comparison of our method with a hidden Markov model (HMM), a powerful stochastic process model for sequence analysis, shows that our algorithm is slightly better than the HMM at identifying DDoS alert sequences.
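The pipeline the abstract describes (mine frequent alert subsequences from labelled DDoS alert sequences, iteratively fuse the alerts in a new sequence that match a mined pattern, and label the sequence as DDoS when a fused pattern is present), as an added illustration that is not the paper's code. It uses a plain level-wise (GSP-style) subsequence miner in place of whatever miner the paper uses, adds a background-traffic filter so that patterns that are also frequent in benign sequences (a bare scan, for instance) are not treated as DDoS evidence, and every alert name, training sequence, and the min_support threshold are constructed for the example.

```python
# Added illustration of alert correlation by sequential pattern mining.
# Not the paper's implementation: the miner is a plain level-wise (GSP-style)
# subsequence miner, and all alert names and sequences below are constructed.


def match_positions(pattern, seq):
    """Indices of the leftmost occurrence of `pattern` as a subsequence of
    `seq` (order preserved, gaps allowed), or None if it does not occur."""
    pos, i = [], 0
    for idx, alert in enumerate(seq):
        if i < len(pattern) and alert == pattern[i]:
            pos.append(idx)
            i += 1
    return pos if i == len(pattern) else None


def support(pattern, sequences):
    """Number of sequences that contain `pattern` as a subsequence."""
    return sum(1 for s in sequences if match_positions(pattern, s) is not None)


def mine_sequential_patterns(sequences, min_support):
    """Level-wise mining: keep patterns with support >= min_support and grow
    them one alert at a time (every prefix of a frequent pattern is frequent,
    so infrequent candidates never need extending)."""
    items = sorted({a for s in sequences for a in s})
    frequent = {}
    level = [(a,) for a in items]
    while level:
        level = [p for p in level if support(p, sequences) >= min_support]
        for p in level:
            frequent[p] = support(p, sequences)
        level = [p + (a,) for p in level for a in items if (a,) in frequent]
    return frequent


def maximal(patterns):
    """Drop patterns that are subsequences of another pattern in the set, so
    consolidation fuses whole attack chains rather than fragments of them."""
    return {p for p in patterns
            if not any(q != p and match_positions(p, q) is not None for q in patterns)}


def mine_ddos_patterns(ddos_seqs, background_seqs, min_support):
    """Patterns frequent in labelled DDoS sequences but not frequent in
    background sequences (same absolute threshold, an assumption here)."""
    frequent = mine_sequential_patterns(ddos_seqs, min_support)
    discriminative = {p for p in frequent if support(p, background_seqs) < min_support}
    return maximal(discriminative)


def consolidate(alerts, patterns):
    """Iteratively replace every occurrence of a mined pattern (longest first)
    with one fused meta-alert ("FUSED", pattern) placed where the pattern
    began; raw alerts that match no pattern are left in place."""
    out = list(alerts)
    for pat in sorted(patterns, key=lambda p: (-len(p), p)):
        while True:
            pos = match_positions(pat, out)
            if pos is None:
                break
            drop = set(pos)
            out = [a for i, a in enumerate(out) if i not in drop]
            out.insert(pos[0], ("FUSED", pat))
    return out


def is_ddos(consolidated):
    """DDoS membership: some fused pattern (from mine_ddos_patterns) is present."""
    return any(isinstance(a, tuple) and a[0] == "FUSED" for a in consolidated)


# Constructed sample data: one time-ordered alert sequence per victim host.
DDOS_TRAIN = [
    ["ICMP_PING", "PORT_SCAN", "RPC_PROBE", "RPC_EXPLOIT", "REMOTE_SHELL", "DDOS_HANDLER", "DDOS_FLOOD"],
    ["PORT_SCAN", "RPC_PROBE", "WEB_SCAN", "RPC_EXPLOIT", "REMOTE_SHELL", "DDOS_HANDLER", "DDOS_FLOOD"],
    ["ICMP_PING", "RPC_PROBE", "RPC_EXPLOIT", "FTP_LOGIN", "REMOTE_SHELL", "DDOS_HANDLER", "DDOS_FLOOD"],
    ["ICMP_PING", "PORT_SCAN", "RPC_PROBE", "RPC_EXPLOIT", "REMOTE_SHELL", "DDOS_HANDLER", "DDOS_FLOOD"],
]
BACKGROUND_TRAIN = [  # ordinary scan noise; shares ICMP_PING/PORT_SCAN with the DDoS chains
    ["ICMP_PING", "PORT_SCAN", "WEB_SCAN"],
    ["ICMP_PING", "PORT_SCAN"],
    ["PORT_SCAN", "FTP_LOGIN"],
    ["ICMP_PING", "WEB_SCAN", "PORT_SCAN"],
]
NEW_DDOS_STREAM = ["ICMP_PING", "PORT_SCAN", "RPC_PROBE", "WEB_SCAN", "RPC_EXPLOIT",
                   "REMOTE_SHELL", "DDOS_HANDLER", "DDOS_FLOOD", "DDOS_FLOOD"]
NEW_BACKGROUND_STREAM = ["ICMP_PING", "PORT_SCAN", "WEB_SCAN", "PORT_SCAN"]

if __name__ == "__main__":
    pats = mine_ddos_patterns(DDOS_TRAIN, BACKGROUND_TRAIN, min_support=3)
    for stream in (NEW_DDOS_STREAM, NEW_BACKGROUND_STREAM):
        fused = consolidate(stream, pats)
        print(len(stream), "raw ->", len(fused), "alerts; DDoS:", is_ddos(fused))
```

With the constructed training data the miner keeps two maximal six-alert chains (one starting with ICMP_PING, one with PORT_SCAN); the nine raw alerts of the new DDoS stream collapse to four, of which one is the fused chain, while the scan-only stream is left untouched and is not labelled DDoS. The background filter is the practical caveat: without it, (ICMP_PING, PORT_SCAN) is also a frequent DDoS pattern and every scanned host would be fused into the DDoS class.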
Year: 2005
DOI: 10.1109/EEE.2005.56
Venue: EEE
Keywords: anomalous network activity, matching sequential alert pattern, data mining, sequential pattern mining technique, post-detection analysis, ddos alert sequence identification, alert reduction, sequence analysis, correlation approach, ddos membership, alert sequence, correlating alerts, intrusion detection system, distributed denial of service, hidden markov models, stochastic process, hidden markov model, ddos attack, sequential pattern mining
Field: Data mining, Denial-of-service attack, Workload, Computer science, Stochastic process, Artificial intelligence, Hidden Markov model, Fuse (electrical), Intrusion detection system, Sequential Pattern Mining, Machine learning
DocType: Conference
ISBN: 0-7695-2274-2
Citations: 1
PageRank: 0.36
References: 4
Authors: 3
Name | Order | Citations | PageRank
Guang Xiang138218.31
Xiao-Mei Dong2214.31
Ge YU31313175.88