Intrusion Detection with Data Correlation Relation Graph

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Amin Hassanzadeh Articles by Babak Sadeghian

2008 Third International Conference on Availability, Reliability and Security

March 04-March 07

ISBN: 978-0-7695-3102-1

	ASCII Text	x
	Amin Hassanzadeh, Babak Sadeghian, "Intrusion Detection with Data Correlation Relation Graph," Availability, Reliability and Security, International Conference on, pp. 982-989, 2008 Third International Conference on Availability, Reliability and Security, 2008.

	BibTex	x
	@article{ 10.1109/ARES.2008.119, author = {Amin Hassanzadeh and Babak Sadeghian}, title = {Intrusion Detection with Data Correlation Relation Graph}, journal ={Availability, Reliability and Security, International Conference on}, volume = {0}, year = {2008}, isbn = {978-0-7695-3102-1}, pages = {982-989}, doi = {http://doi.ieeecomputersociety.org/10.1109/ARES.2008.119}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Availability, Reliability and Security, International Conference on TI - Intrusion Detection with Data Correlation Relation Graph SN - 978-0-7695-3102-1 SP982 EP989 A1 - Amin Hassanzadeh, A1 - Babak Sadeghian, PY - 2008 KW - intrusion detection KW - data correlation KW - correlation relation graph KW - synflood KW - correlation coefficient KW - regression line VL - 0 JA - Availability, Reliability and Security, International Conference on ER -

Amin Hassanzadeh

Babak Sadeghian

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ARES.2008.119

Intrusion Detection Systems are designed based on the assumption that the behavior of an intruder is different from a normal user of a system. We show that intrusion detection can be done based on the assumption that the correlation of system events and parameters is changed during an attack to the system. In this paper, we propose a new method in correlating data and events for "Network Based Intrusion Detection Systems". When an attack occurs, the correlation of security parameters is changed. We propose to use the state of correlation between parameters to detect an attack. First we show how to select effective security parameters for our detection engine with statistical correlation methods. Then, we propose how to build Correlation Relation Graphs (CRG) for the parameters showing higher correlation. Finally we show how the attack may be detected with comparing the CRG parameter pairs for each session with the deviation from the regression line of them. We present our results for detecting a SynFlood attack with this method. We give also the corresponding detection rate and false alarm rate.

Index Terms:

intrusion detection, data correlation, correlation relation graph, synflood, correlation coefficient, regression line

Citation:

Amin Hassanzadeh, Babak Sadeghian, "Intrusion Detection with Data Correlation Relation Graph," ares, pp.982-989, 2008 Third International Conference on Availability, Reliability and Security, 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.