Using fuzzy clustering to reconstruct alert correlation graph of intrusion detection
Causal correlation method was one of the most representative methods for instruction detection alert correla-tion. In some conditions, the correlation graph would be split because of loss of causal information. In order to solve the problem, an algorithm was proposed to reconstruct attack scenario u...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2006-01-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/74662209/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841537415956660224 |
|---|---|
| author | MA Lin-ru1 YANG Lin2 WANG Jian-xin2 TANG Xin2 |
| author_facet | MA Lin-ru1 YANG Lin2 WANG Jian-xin2 TANG Xin2 |
| author_sort | MA Lin-ru1 |
| collection | DOAJ |
| description | Causal correlation method was one of the most representative methods for instruction detection alert correla-tion. In some conditions, the correlation graph would be split because of loss of causal information. In order to solve the problem, an algorithm was proposed to reconstruct attack scenario using fuzzy clustering. A new similarity membership function based on the attribute hierarchy tree was defined in the process of clustering. Furthermore, the evaluation method and indexes were put forward to describe the ability of reconstructing attack scenario. The experimental results indicate that this algorithm is valid to combine the split correlation graph and reconstruct attack scenario. |
| format | Article |
| id | doaj-art-e6a29b49328e4ad6b039dc1a8b0baf13 |
| institution | Kabale University |
| issn | 1000-436X |
| language | zho |
| publishDate | 2006-01-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| spelling | doaj-art-e6a29b49328e4ad6b039dc1a8b0baf132025-01-14T08:37:53ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2006-01-01475274662209Using fuzzy clustering to reconstruct alert correlation graph of intrusion detectionMA Lin-ru1YANG Lin2WANG Jian-xin2TANG Xin2Causal correlation method was one of the most representative methods for instruction detection alert correla-tion. In some conditions, the correlation graph would be split because of loss of causal information. In order to solve the problem, an algorithm was proposed to reconstruct attack scenario using fuzzy clustering. A new similarity membership function based on the attribute hierarchy tree was defined in the process of clustering. Furthermore, the evaluation method and indexes were put forward to describe the ability of reconstructing attack scenario. The experimental results indicate that this algorithm is valid to combine the split correlation graph and reconstruct attack scenario.http://www.joconline.com.cn/zh/article/74662209/alert correlationattack scenario reconstructionfuzzy clusteringsimilarity membership function |
| spellingShingle | MA Lin-ru1 YANG Lin2 WANG Jian-xin2 TANG Xin2 Using fuzzy clustering to reconstruct alert correlation graph of intrusion detection Tongxin xuebao alert correlation attack scenario reconstruction fuzzy clustering similarity membership function |
| title | Using fuzzy clustering to reconstruct alert correlation graph of intrusion detection |
| title_full | Using fuzzy clustering to reconstruct alert correlation graph of intrusion detection |
| title_fullStr | Using fuzzy clustering to reconstruct alert correlation graph of intrusion detection |
| title_full_unstemmed | Using fuzzy clustering to reconstruct alert correlation graph of intrusion detection |
| title_short | Using fuzzy clustering to reconstruct alert correlation graph of intrusion detection |
| title_sort | using fuzzy clustering to reconstruct alert correlation graph of intrusion detection |
| topic | alert correlation attack scenario reconstruction fuzzy clustering similarity membership function |
| url | http://www.joconline.com.cn/zh/article/74662209/ |
| work_keys_str_mv | AT malinru1 usingfuzzyclusteringtoreconstructalertcorrelationgraphofintrusiondetection AT yanglin2 usingfuzzyclusteringtoreconstructalertcorrelationgraphofintrusiondetection AT wangjianxin2 usingfuzzyclusteringtoreconstructalertcorrelationgraphofintrusiondetection AT tangxin2 usingfuzzyclusteringtoreconstructalertcorrelationgraphofintrusiondetection |