Hierarchical distributed alert correlation model

Donghai Tian; Hu Changzhen; Yang Qi; Wang Jianqiao

doi:10.1109/IAS.2009.26

Hierarchical distributed alert correlation model

Donghai Tian^*, Hu Changzhen, Yang Qi, Wang Jianqiao

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

12 Citations (Scopus)

Abstract

Alert correlation is a promising technique in intrusion detection. It takes the alerts produced by intrusion detection systems and produces compact reports which provide a more succinct and high-level view of occurring or attempted intrusions and highly improve security expert's work efficiency. Traditional alert correlation system adopts a centralized architecture which can be easily over flooded by the raw alarms. To address this issue, a distributed alert correlation model based on hierarchical architecture is proposed. This model greatly improves the performance of alert correlation through integrating three novel methods. The experiments show effectiveness of this alert correlation model on 2000 DARPA intrusion detection scenario specific datasets.

Original language	English
Title of host publication	5th International Conference on Information Assurance and Security, IAS 2009
Publisher	IEEE Computer Society
Pages	766-769
Number of pages	4
ISBN (Print)	9780769537443
DOIs	https://doi.org/10.1109/IAS.2009.26
Publication status	Published - 2009
Event	5th International Conference on Information Assurance and Security, IAS 2009 - Xian, China Duration: 18 Aug 2009 → 20 Sept 2009

Publication series

Name	5th International Conference on Information Assurance and Security, IAS 2009
Volume	2

Conference

Conference	5th International Conference on Information Assurance and Security, IAS 2009
Country/Territory	China
City	Xian
Period	18/08/09 → 20/09/09

Keywords

Distributed alert correlation
Hierarchical model
Intrusion detection

Access to Document

10.1109/IAS.2009.26

Cite this

@inproceedings{a82a78f8cea6489d90a80801783d0fdd,

title = "Hierarchical distributed alert correlation model",

abstract = "Alert correlation is a promising technique in intrusion detection. It takes the alerts produced by intrusion detection systems and produces compact reports which provide a more succinct and high-level view of occurring or attempted intrusions and highly improve security expert's work efficiency. Traditional alert correlation system adopts a centralized architecture which can be easily over flooded by the raw alarms. To address this issue, a distributed alert correlation model based on hierarchical architecture is proposed. This model greatly improves the performance of alert correlation through integrating three novel methods. The experiments show effectiveness of this alert correlation model on 2000 DARPA intrusion detection scenario specific datasets.",

keywords = "Distributed alert correlation, Hierarchical model, Intrusion detection",

author = "Donghai Tian and Hu Changzhen and Yang Qi and Wang Jianqiao",

year = "2009",

doi = "10.1109/IAS.2009.26",

language = "English",

isbn = "9780769537443",

series = "5th International Conference on Information Assurance and Security, IAS 2009",

publisher = "IEEE Computer Society",

pages = "766--769",

booktitle = "5th International Conference on Information Assurance and Security, IAS 2009",

address = "United States",

note = "5th International Conference on Information Assurance and Security, IAS 2009 ; Conference date: 18-08-2009 Through 20-09-2009",

}

Tian, D , Changzhen, H, Qi, Y & Jianqiao, W 2009, Hierarchical distributed alert correlation model. in 5th International Conference on Information Assurance and Security, IAS 2009., 5284086, 5th International Conference on Information Assurance and Security, IAS 2009, vol. 2, IEEE Computer Society, pp. 766-769, 5th International Conference on Information Assurance and Security, IAS 2009, Xian, China, 18/08/09. https://doi.org/10.1109/IAS.2009.26

Hierarchical distributed alert correlation model. / Tian, Donghai ; Changzhen, Hu; Qi, Yang et al.
5th International Conference on Information Assurance and Security, IAS 2009. IEEE Computer Society, 2009. p. 766-769 5284086 (5th International Conference on Information Assurance and Security, IAS 2009; Vol. 2).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Hierarchical distributed alert correlation model

AU - Tian, Donghai

AU - Changzhen, Hu

AU - Qi, Yang

AU - Jianqiao, Wang

PY - 2009

Y1 - 2009

N2 - Alert correlation is a promising technique in intrusion detection. It takes the alerts produced by intrusion detection systems and produces compact reports which provide a more succinct and high-level view of occurring or attempted intrusions and highly improve security expert's work efficiency. Traditional alert correlation system adopts a centralized architecture which can be easily over flooded by the raw alarms. To address this issue, a distributed alert correlation model based on hierarchical architecture is proposed. This model greatly improves the performance of alert correlation through integrating three novel methods. The experiments show effectiveness of this alert correlation model on 2000 DARPA intrusion detection scenario specific datasets.

AB - Alert correlation is a promising technique in intrusion detection. It takes the alerts produced by intrusion detection systems and produces compact reports which provide a more succinct and high-level view of occurring or attempted intrusions and highly improve security expert's work efficiency. Traditional alert correlation system adopts a centralized architecture which can be easily over flooded by the raw alarms. To address this issue, a distributed alert correlation model based on hierarchical architecture is proposed. This model greatly improves the performance of alert correlation through integrating three novel methods. The experiments show effectiveness of this alert correlation model on 2000 DARPA intrusion detection scenario specific datasets.

KW - Distributed alert correlation

KW - Hierarchical model

KW - Intrusion detection

UR - http://www.scopus.com/inward/record.url?scp=74049100062&partnerID=8YFLogxK

U2 - 10.1109/IAS.2009.26

DO - 10.1109/IAS.2009.26

M3 - Conference contribution

AN - SCOPUS:74049100062

SN - 9780769537443

T3 - 5th International Conference on Information Assurance and Security, IAS 2009

SP - 766

EP - 769

BT - 5th International Conference on Information Assurance and Security, IAS 2009

PB - IEEE Computer Society

T2 - 5th International Conference on Information Assurance and Security, IAS 2009

Y2 - 18 August 2009 through 20 September 2009

ER -

Hierarchical distributed alert correlation model

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this