Alarm Clustering for Intrusion Detection Systems in Computer Networks

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 3587)

Abstract

Until recently, network administrators manually arranged the alarms produced by Intrusion Detection Systems (IDSs) to obtain a high-level description of threats. As the number of alarms keeps growing, automatic tools for alarm clustering have been proposed to provide such a high-level description of the attack scenario. In addition, it has been shown that effective threat analysis requires the fusion of different sources of information, such as different IDSs, firewall logs, etc. In this paper, we propose a new strategy for alarm clustering that produces unified descriptions of attacks from multiple alarms. Tests were performed on a live network where commercial and open-source IDSs analyzed the network traffic.


Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Giacinto, G., Perdisci, R., Roli, F. (2005). Alarm Clustering for Intrusion Detection Systems in Computer Networks. In: Perner, P., Imiya, A. (eds) Machine Learning and Data Mining in Pattern Recognition. MLDM 2005. Lecture Notes in Computer Science(), vol 3587. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11510888_19

  • DOI: https://doi.org/10.1007/11510888_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-26923-6

  • Online ISBN: 978-3-540-31891-0

  • eBook Packages: Computer Science (R0)