Skip to main content
SpringerLink
Log in

An Alert Reasoning Method for Intrusion Detection System Using Attribute Oriented Induction

  • Conference paper
Information Networking. Convergence in Broadband and Mobile Networking (ICOIN 2005)

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 3391))

Included in the following conference series:

Abstract

The intrusion detection system (IDS) is used as one of the solutions against the Internet attack. However the IDS reports extremely many alerts as compared with the number of the real attack. Thus the operator suffers from burden tasks that analyze floods of alerts and identify the root cause of them. The attribute oriented induction (AOI) is a kind of clustering method. By generalizing the attributes of raw alerts, it creates several clusters that include a set of alerts having similar or the same cause. However, if the attributes are excessively abstracted, the administrator does not identify the root cause of the alert. In this paper, we describe about the over generalization problem because of the unbalanced generalization hierarchy. We also discuss the solution of the problem and propose an algorithm to solve the problem.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Valdes, A., Skinner, K.: Probabilistic Alert Correlation. In: Lee, W., Mé, L., Wespi, A. (eds.) RAID 2001. LNCS, vol. 2212, pp. 54–68. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  2. Axelsson, S.: The Base-Rate Fallacy and the Difficulty of Intrusion Detection. ACM Transactions on Information and System Security 3(3), 186–205 (2000)

    Article  MathSciNet  Google Scholar 

  3. Debar, H., Wespi, A.: Aggregation and Correlation of Intrusion-Detection Alerts. In: Lee, W., Mé, L., Wespi, A. (eds.) RAID 2001. LNCS, vol. 2212, pp. 85–103. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  4. Han, J., Cai, Y.: Data-Driven Discovery of Quantitative Rules in Relational Databases. IEEE Transactions on Knowledge and Data Engineering 5(1), 29–40 (1993)

    Article  Google Scholar 

  5. Julisch, K.: Clustering intrusion detection alarms to support root cause analysis. ACM Transactions on Information and System Security 6(4), 443–471 (2002)

    Article  Google Scholar 

  6. Julisch, K.: Mining Intrusion Detection Alarms for Actionable Knowledge. In: Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining, pp. 366–375 (2002)

    Google Scholar 

  7. Snort user manual, http://www.snort.org/docs/snort_manual/

  8. Snot program, http://www.solenshoes.net/sniph/index.html

Download references

Author information

Authors and Affiliations

  1. Graduate School of Information Communication, Ajou University, Suwon, Korea

    Jungtae Kim, Gunhee Lee & Dong-kyoo Kim

  2. National Security Research Institute, Hwaam-dong, Yuseong-gu, Daejeon, Korea

    Jung-taek Seo, Eung-ki Park & Choon-sik Park

Authors
  1. Jungtae Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Gunhee Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jung-taek Seo
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Eung-ki Park
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Choon-sik Park
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Dong-kyoo Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science and Engineering, Pohang University of Science and Technology (POSTECH), San 31 HyoJa-Dong, Nam-Gu, 790-784, Pohang, Korea

    Cheeha Kim

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, J., Lee, G., Seo, Jt., Park, Ek., Park, Cs., Kim, Dk. (2005). An Alert Reasoning Method for Intrusion Detection System Using Attribute Oriented Induction. In: Kim, C. (eds) Information Networking. Convergence in Broadband and Mobile Networking. ICOIN 2005. Lecture Notes in Computer Science, vol 3391. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30582-8_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-30582-8_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-24467-7

  • Online ISBN: 978-3-540-30582-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation