Using fuzzy clustering to reconstruct alert correlation graph of intrusion detection

MA Lin-ru1; YANG Lin2; WANG Jian-xin2; TANG Xin2

Tongxin xuebao (Jan 2006)

Using fuzzy clustering to reconstruct alert correlation graph of intrusion detection

MA Lin-ru1,
YANG Lin2,
WANG Jian-xin2,
TANG Xin2

Affiliations

MA Lin-ru1
YANG Lin2
WANG Jian-xin2
TANG Xin2

Abstract

Read online

Causal correlation method was one of the most representative methods for instruction detection alert correla-tion. In some conditions, the correlation graph would be split because of loss of causal information. In order to solve the problem, an algorithm was proposed to reconstruct attack scenario using fuzzy clustering. A new similarity membership function based on the attribute hierarchy tree was defined in the process of clustering. Furthermore, the evaluation method and indexes were put forward to describe the ability of reconstructing attack scenario. The experimental results indicate that this algorithm is valid to combine the split correlation graph and reconstruct attack scenario.

alert correlation;attack scenario reconstruction;fuzzy clustering;similarity membership function

Published in Tongxin xuebao

ISSN: 1000-436X (Print)
Publisher: Editorial Department of Journal on Communications
Country of publisher: China
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering: Telecommunication
Website: http://www.infocomm-journal.com/txxb/EN/1000-436X/home.shtml

About the journal

Abstract

Keywords