Alert Correlation Analysis based on Clustering Technique for IDS 


Vol. 10,  No. 6, pp. 665-674, Oct.  2003
10.3745/KIPSTC.2003.10.6.665


  Abstract

In this paper, we propose an approach to correlating alerts using clustering analysis, a data mining technique, in order to support intrusion detection systems. Intrusion detection techniques have been developed to protect computer and network systems against malicious attacks. However, they are still far from perfect. Current intrusion detection systems cannot fully detect novel attacks or variations of known attacks without generating a large number of false alerts. In addition, all current intrusion detection systems focus on low-level attacks or anomalies. Consequently, they usually generate a large volume of alerts. In situations with intensive intrusive activity, it is difficult for users or intrusion response systems to understand the intrusion behind the alerts and take appropriate action. Clustering analysis groups data objects into clusters such that objects in the same cluster are similar to one another, while objects in different clusters are dissimilar. By applying clustering, alert data can be analyzed efficiently and high-level knowledge about attacks extracted: new types of alerts can be classified alongside known ones, and sequences of clusters help reveal the logical steps and strategies behind a series of attacks, which can potentially be applied to predicting attacks in progress.
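The following is an added, self-contained illustration of the idea sketched in the abstract; it is not the paper's implementation, and the paper's actual similarity measure and clustering algorithm are not given on this page. The Alert fields, the attribute weights, the 30-second time window, the 0.65 link threshold and the eight sample alerts are all assumptions constructed for the demo. Alerts are linked when their weighted attribute agreement (source, destination, signature class, port, time proximity) reaches the threshold; clusters are the connected components of those links (single-linkage via union-find). The same similarity is then reused to classify a fresh alert into an existing cluster or flag it as a new type, and the time-ordered clusters for one source/destination pair give the attack sequence (scan, web attack, attack response) that the raw alert stream hides.

```python
"""Alert correlation by attribute clustering: an added illustration in Python
(not the paper's own code or data)."""
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Alert:
    ts: int      # seconds since start of the capture
    src: str     # source address reported by the sensor
    dst: str     # destination address
    dport: int   # destination port
    sig: str     # signature name; the token before the first space is its class


# Constructed sample alerts (assumed data, not from the paper). One source scans
# a host, probes its web server, then triggers an "id returned root" response;
# an unrelated DNS alert is mixed in.
ALERTS = [
    Alert(0, "10.0.0.5", "192.168.1.10", 22, "SCAN nmap SYN"),
    Alert(1, "10.0.0.5", "192.168.1.10", 80, "SCAN nmap SYN"),
    Alert(2, "10.0.0.5", "192.168.1.10", 443, "SCAN nmap SYN"),
    Alert(3, "10.0.0.5", "192.168.1.10", 8080, "SCAN nmap SYN"),
    Alert(60, "10.0.0.5", "192.168.1.10", 80, "WEB-ATTACKS /etc/passwd access"),
    Alert(62, "10.0.0.5", "192.168.1.10", 80, "WEB-ATTACKS sql injection attempt"),
    Alert(400, "10.0.0.5", "192.168.1.10", 4444, "ATTACK-RESPONSES id check returned root"),
    Alert(5, "172.16.3.9", "192.168.1.20", 53, "DNS zone transfer"),
]

# Weights, window and threshold are assumptions chosen for the demo, not values
# from the paper.
WEIGHTS = {"src": 0.25, "dst": 0.25, "sig_class": 0.30, "dport": 0.10, "time": 0.10}
TIME_WINDOW = 30       # seconds within which two alerts count as "near in time"
LINK_THRESHOLD = 0.65  # minimum similarity for two alerts to share a cluster


def sig_class(alert: Alert) -> str:
    """Coarse signature class, e.g. 'SCAN' from 'SCAN nmap SYN'."""
    return alert.sig.split(" ", 1)[0]


def similarity(a: Alert, b: Alert) -> float:
    """Weighted attribute agreement in [0, 1], rounded to avoid float noise."""
    score = 0.0
    score += WEIGHTS["src"] if a.src == b.src else 0.0
    score += WEIGHTS["dst"] if a.dst == b.dst else 0.0
    score += WEIGHTS["sig_class"] if sig_class(a) == sig_class(b) else 0.0
    score += WEIGHTS["dport"] if a.dport == b.dport else 0.0
    score += WEIGHTS["time"] if abs(a.ts - b.ts) <= TIME_WINDOW else 0.0
    return round(score, 2)


def cluster(alerts: list[Alert], threshold: float = LINK_THRESHOLD) -> list[list[Alert]]:
    """Single-linkage clustering: two alerts are linked when their similarity is
    at least `threshold`; a cluster is a connected component of linked alerts.
    Clusters are returned ordered by their earliest alert."""
    parent = list(range(len(alerts)))

    def find(i: int) -> int:
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving
            i = parent[i]
        return i

    for i, j in combinations(range(len(alerts)), 2):
        if similarity(alerts[i], alerts[j]) >= threshold:
            parent[find(i)] = find(j)

    groups: dict[int, list[Alert]] = {}
    for i, alert in enumerate(alerts):
        groups.setdefault(find(i), []).append(alert)
    return sorted(groups.values(), key=lambda g: min(a.ts for a in g))


def classify(alert: Alert, clusters: list[list[Alert]], threshold: float = LINK_THRESHOLD):
    """Index of the best-matching existing cluster (by mean similarity to its
    members), or None when nothing reaches the threshold: a candidate new type."""
    best_idx, best_score = None, 0.0
    for idx, members in enumerate(clusters):
        score = sum(similarity(alert, m) for m in members) / len(members)
        if score > best_score:
            best_idx, best_score = idx, score
    return best_idx if best_score >= threshold else None


def attack_sequence(clusters: list[list[Alert]], src: str, dst: str) -> list[str]:
    """Signature classes of the clusters involving one (src, dst) pair, in time order."""
    return [sig_class(c[0]) for c in clusters if c[0].src == src and c[0].dst == dst]


if __name__ == "__main__":
    found = cluster(ALERTS)
    for i, c in enumerate(found):
        print(f"cluster {i}: {len(c)} alerts, class {sig_class(c[0])}")
    print("steps:", " -> ".join(attack_sequence(found, "10.0.0.5", "192.168.1.10")))
```

With these assumed weights the four scan alerts collapse into one cluster and the two web alerts into another, while a scan on port 80 and a web attack on port 80 stay apart because they differ in signature class and are more than a window apart in time; lowering the threshold to 0.6 would merge them, which is the usual tuning trade-off between fewer clusters and mixed clusters.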



  Cite this article

[IEEE Style]

S. M. Seon, M. H. Seong, L. G. Ho, J. J. Su, "Alert Correlation Analysis based on Clustering Technique for IDS," The KIPS Transactions:PartC, vol. 10, no. 6, pp. 665-674, 2003. DOI: 10.3745/KIPSTC.2003.10.6.665.

[ACM Style]

Sin Mun Seon, Mun Ho Seong, Lyu Geun Ho, and Jang Jong Su. 2003. Alert Correlation Analysis based on Clustering Technique for IDS. The KIPS Transactions:PartC, 10, 6, (2003), 665-674. DOI: 10.3745/KIPSTC.2003.10.6.665.