Share Email Print

Proceedings Paper

Feature-based alert correlation in security systems using self organizing maps
Author(s): Munesh Kumar; Shoaib Siddique; Humera Noor
Format Member Price Non-Member Price
PDF $17.00 $21.00

Paper Abstract

The security of the networks has been an important concern for any organization. This is especially important for the defense sector as to get unauthorized access to the sensitive information of an organization has been the prime desire for cyber criminals. Many network security techniques like Firewall, VPN Concentrator etc. are deployed at the perimeter of network to deal with attack(s) that occur(s) from exterior of network. But any vulnerability that causes to penetrate the network's perimeter of defense, can exploit the entire network. To deal with such vulnerabilities a system has been evolved with the purpose of generating an alert for any malicious activity triggered against the network and its resources, termed as Intrusion Detection System (IDS). The traditional IDS have still some deficiencies like generating large number of alerts, containing both true and false one etc. By automatically classifying (correlating) various alerts, the high-level analysis of the security status of network can be identified and the job of network security administrator becomes much easier. In this paper we propose to utilize Self Organizing Maps (SOM); an Artificial Neural Network for correlating large amount of logged intrusion alerts based on generic features such as Source/Destination IP Addresses, Port No, Signature ID etc. The different ways in which alerts can be correlated by Artificial Intelligence techniques are also discussed. . We've shown that the strategy described in the paper improves the efficiency of IDS by better correlating the alerts, leading to reduced false positives and increased competence of network administrator.

Paper Details

Date Published: 13 April 2009
PDF: 7 pages
Proc. SPIE 7344, Data Mining, Intrusion Detection, Information Security and Assurance, and Data Networks Security 2009, 734404 (13 April 2009);
Show Author Affiliations
Munesh Kumar, NED Univ. of Engineering and Technology (Pakistan)
Shoaib Siddique, NED Univ. of Engineering and Technology (Pakistan)
Humera Noor, NED Univ. of Engineering and Technology (Pakistan)

Published in SPIE Proceedings Vol. 7344:
Data Mining, Intrusion Detection, Information Security and Assurance, and Data Networks Security 2009
Belur V. Dasarathy, Editor(s)

© SPIE. Terms of Use
Back to Top
Sign in to read the full article
Create a free SPIE account to get access to
premium articles and original research
Forgot your username?