Correlation and Analysis of Intrusion Alerts Based on Clustering Algorithm and Alerts’ Prerequisite-consequence Attribute

doi:10.3969/j.issn.1000-3428.2007.21.043

Computer Engineering ›› 2007, Vol. 33 ›› Issue (21): 122-124,. doi: 10.3969/j.issn.1000-3428.2007.21.043

• Security Technology • Previous Articles Next Articles

Correlation and Analysis of Intrusion Alerts Based on Clustering Algorithm and Alerts’ Prerequisite-consequence Attribute

WU Zheng-zhen1, CHEN Xiu-zhen2, LI Jian-hua1,2

(1. Department of Electronical Engineering, Shanghai Jiaotong University, Shanghai 200240; 2. Department of Information Security and Engineering, Shanghai Jiaotong University, Shanghai 200240)

Received:1900-01-01 Revised:1900-01-01 Online:2007-11-05 Published:2007-11-05

基于聚类和报警先决条件的网络入侵关联分析

吴正桢1，陈秀真2，李建华1,2

(1. 上海交通大学电子工程系，上海 200240；2. 上海交通大学信息安全工程学院，上海 200240)

Abstract

Abstract: After analysing the clustering algorithm and alerts’ prerequisite-consequence attributes, a novel approach of correlating and analysing intrusion alerts based on the combination of both is proposed. Experimental result on DARPA 2000 dataset proves that this approach can pre-process alerts successfully. Compared with the result of using only the prerequisite-consequence alert correlation method, the proposed approach can successfully eliminate three correlation errors, thus improve the efficiency of the correlation.

Key words: intrusion detection, clustering algorithm, prerequisite-consequence alert correlation method

摘要： 分析了聚类算法和报警先决条件关联方法，在二者的基础上提出了一种基于聚类和报警先决条件的网络入侵关联分析模型。使用DARPA 2000数据的测试结果表明，提出的模型可对报警信息进行有效预处理。与仅用报警先决条件关联方法相比，成功排除了3个错误报警关联，有效提高了关联效果。

关键词: 入侵检测, 聚类算法, 先决条件及结果关联方法

CLC Number:

TP393

WU Zheng-zhen; CHEN Xiu-zhen; LI Jian-hua;. Correlation and Analysis of Intrusion Alerts Based on Clustering Algorithm and Alerts’ Prerequisite-consequence Attribute[J]. Computer Engineering, 2007, 33(21): 122-124,.

吴正桢;陈秀真;李建华;. 基于聚类和报警先决条件的网络入侵关联分析[J]. 计算机工程, 2007, 33(21): 122-124,.

/ / Recommend / Download Citations

URL: http://www.ecice06.com/EN/10.3969/j.issn.1000-3428.2007.21.043

http://www.ecice06.com/EN/Y2007/V33/I21/122

[1]	CHEN Zhonglei, YI Peng, CHEN Xiang, HU Tao. Real-time Anomaly Detection Framework via System Calls Based on Integrated Learning [J]. Computer Engineering, 2023, 49(6): 162-169,179.
[2]	SHI Lei, ZHANG Jitao, GAO Yufei, WEI Lin, TAO Yongcai. Intrusion Detection of Network Traffic Based on Transformer and BiLSTM [J]. Computer Engineering, 2023, 49(3): 29-36,57.
[3]	LIU Qiang, ZHANG Ying, ZHOU Weixiang, JIANG Xiantao, ZHOU Weina, ZHOU Mouguo. Adaptive Class Incremental Learning-Based IoT Intrusion Detection System [J]. Computer Engineering, 2023, 49(2): 169-174.
[4]	SUN Yangwei, QI Yong. Intrusion Detection Method for In-Vehicle CAN Based on Cluster Mixed Sampling and PSO-Stacking [J]. Computer Engineering, 2023, 49(1): 138-145.
[5]	LIU Jinshuo, ZHAN Daiyi, DENG Juan, WANG Lina. Network Intrusion Detection Based on Deep Neural Network and Federated Learning [J]. Computer Engineering, 2023, 49(1): 15-21,30.
[6]	DONG Weiyu, LI Haitao, WANG Ruimin, REN Huajuan, SUN Xuekai. Network Traffic Anomaly Detection Model Based on Stacked Convolutional Attention [J]. Computer Engineering, 2022, 48(9): 12-19.
[7]	JIN Haibo, ZHAO Xinyue. High-Reliability Intrusion Detection Algorithm Under Conformal Prediction Framework [J]. Computer Engineering, 2022, 48(7): 130-140.
[8]	SHENG Long, YUAN Lina, WU Nannan, JI Shaopei. Network Anomaly Detection Model Based on GSA and DE Optimizing Hybrid Kernel ELM [J]. Computer Engineering, 2022, 48(6): 146-153.
[9]	LI Jinguo, JIAO Xubin. Research on Intrusion Detection Model in Fog Computing Environment [J]. Computer Engineering, 2022, 48(5): 43-52.
[10]	WANG Zhihe, WANG Shuyan, DU Hui. Improved Fuzzy C-means Clustering Algorithm Based on Density-Sensitive Distance [J]. Computer Engineering, 2021, 47(5): 88-96,103.
[11]	ZHOU Weixiao, LAN Wenfei. Summarization Model Using Multi-Task Learning Fused with Text Classification [J]. Computer Engineering, 2021, 47(4): 48-55.
[12]	LIU Feifei, WU Zhongdong, DING Longbin, ZHANG Kai. Intrusion Detection Algorithm for AMI Based on Improved Online Sequential Extreme Learning Machine [J]. Computer Engineering, 2020, 46(9): 136-142,148.
[13]	LIU Yuhang, MA Huifang, LIU Haijiao, YU Li. An Overlapping Subspace K-Means Clustering Algorithm [J]. Computer Engineering, 2020, 46(8): 58-63,71.
[14]	LIU Yali, SHI Ruifeng, REN Xiaoliang. Intrusion Recognition for LTE Core Network Based on Low-Complexity Random Packet Detection [J]. Computer Engineering, 2020, 46(8): 139-145,152.
[15]	ZHANG Ling, ZHANG Jianwei, SANG Yongxuan, WANG Bo, HOU Zexiang. Intrusion Detection Algorithm Based on Random Forest and Artificial Immunity [J]. Computer Engineering, 2020, 46(8): 146-152.

Please choose a citation manager

Content to export

Correlation and Analysis of Intrusion Alerts Based on Clustering Algorithm and Alerts’ Prerequisite-consequence Attribute

基于聚类和报警先决条件的网络入侵关联分析

PDF

Knowledge

Cited

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments

模态框（Modal）标题

Please choose a citation manager

Content to export

Correlation and Analysis of Intrusion Alerts Based on Clustering Algorithm and Alerts’ Prerequisite-consequence Attribute

基于聚类和报警先决条件的网络入侵关联分析

PDF

Knowledge

Cited

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments