Critical Episode Mining in Intrusion Detection Alerts

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Mahboobeh Soleimani Articles by Ali A. Ghorbani

2008 Communication Networks and Services Research Conference (CNSR 2008)

May 05-May 08

ISBN: 978-0-7695-3135-9

	ASCII Text	x
	Mahboobeh Soleimani, Ali A. Ghorbani, "Critical Episode Mining in Intrusion Detection Alerts," Communication Networks and Services Research, Annual Conference on, pp. 157-164, 2008 Communication Networks and Services Research Conference (CNSR 2008), 2008.

	BibTex	x
	@article{ 10.1109/CNSR.2008.62, author = {Mahboobeh Soleimani and Ali A. Ghorbani}, title = {Critical Episode Mining in Intrusion Detection Alerts}, journal ={Communication Networks and Services Research, Annual Conference on}, volume = {0}, year = {2008}, isbn = {978-0-7695-3135-9}, pages = {157-164}, doi = {http://doi.ieeecomputersociety.org/10.1109/CNSR.2008.62}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Communication Networks and Services Research, Annual Conference on TI - Critical Episode Mining in Intrusion Detection Alerts SN - 978-0-7695-3135-9 SP157 EP164 A1 - Mahboobeh Soleimani, A1 - Ali A. Ghorbani, PY - 2008 KW - Episode mining KW - Critical episode KW - Alert mining KW - Attack scenario KW - Multistage attack VL - 0 JA - Communication Networks and Services Research, Annual Conference on ER -

Mahboobeh Soleimani

Ali A. Ghorbani

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CNSR.2008.62

One of the most important steps in attack detection using Intrusion Detection Systems (IDSs) is dealing with huge number of alerts that can be either critical single alerts and multi-step attack scenarios or false alerts and non-critical ones. In this paper we try to address the problem of managing alerts via a multi-layer alert correlation and ltering that can identify critical alerts after each step of correlation and ltering. After applying the approach on LL DDoS 1.0 data set, we achieved very good results in terms of critical alert detection rates, running time of approach and its memory usage. Our method could extract all of critical and multi-step attacksin LL DDoS 1.0 data set while we had almost 90% reduction in number of alerts.

Index Terms:

Episode mining, Critical episode, Alert mining, Attack scenario, Multistage attack

Citation:

Mahboobeh Soleimani, Ali A. Ghorbani, "Critical Episode Mining in Intrusion Detection Alerts," cnsr, pp.157-164, 2008 Communication Networks and Services Research Conference (CNSR 2008), 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.