
A Cognitive Model for Alert Correlation in a Distributed Environment

Conference paper, Intelligence and Security Informatics (ISI 2005)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 3495)


Abstract

The area of alert fusion for strengthening information assurance in systems is a promising research area that has recently begun to attract attention. Increased demands for “more trustworthy” systems, and the fact that a single sensor cannot detect all types of misuse or anomalies, have prompted most modern information systems deployed in distributed environments to employ multiple, diverse sensors. The outputs of these sensors must therefore be fused in an effective and intelligent manner to provide an overall view of the status of such systems. A unified architecture for intelligent alert fusion will essentially combine alert prioritization, alert clustering and alert correlation. In this paper, we address the alert correlation aspect of sensor data fusion in distributed environments. A causal-knowledge-based inference technique with fuzzy cognitive modeling is used to correlate alerts by discovering causal relationships in alert data.
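The abstract describes correlating alerts through causal inference over a fuzzy cognitive map (FCM), the model introduced in Kosko's work. The following Python block is an added illustration of that mechanism and is not code or data from the paper: the concept names, the causal edge weights, the saturating transfer function and the sensor confidences are all constructed assumptions. Observed alerts are clamped as evidence nodes, the map is iterated until it settles, and the settled activations are then ranked to show which alerts causally support a hypothesis concept.

```python
"""Fuzzy cognitive map (FCM) inference over IDS alerts.

Added example: the concept names, edge weights and sensor confidences below
are constructed assumptions for illustration, not the paper's model or data.
"""
import math  # kept for readers who swap in a sigmoid transfer function

# Concepts: three alert categories reported by sensors plus one inferred hypothesis.
CONCEPTS = ["recon_alert", "exploit_alert", "privilege_alert", "host_compromised"]

# Causal edge weights W[i][j] in [-1, 1]: how strongly concept i drives concept j.
# Constructed values for the example (in practice an expert or learning step supplies them).
WEIGHTS = [
    # recon  exploit  priv   compromised
    [0.0,    0.6,     0.0,   0.2],   # recon_alert
    [0.0,    0.0,     0.7,   0.5],   # exploit_alert
    [0.0,    0.0,     0.0,   0.8],   # privilege_alert
    [0.0,    0.0,     0.0,   0.0],   # host_compromised (sink, no outgoing edges)
]


def saturate(x):
    """Transfer function: clip an activation into the fuzzy range [0, 1]."""
    return min(1.0, max(0.0, x))


def fcm_step(state, weights, clamped):
    """One synchronous update A_j(t+1) = f(sum_i A_i(t) * W[i][j]).

    Concepts in `clamped` are evidence nodes (sensor alerts) and keep their
    observed activation instead of being recomputed.
    """
    n = len(state)
    nxt = list(state)
    for j in range(n):
        if j in clamped:
            continue
        nxt[j] = saturate(sum(state[i] * weights[i][j] for i in range(n)))
    return nxt


def fcm_infer(evidence, weights=WEIGHTS, concepts=CONCEPTS, max_iter=50, tol=1e-9):
    """Iterate the map from observed alert confidences until it settles.

    evidence: {concept_name: confidence in [0, 1]} as reported by the sensors.
    Returns (final_state_dict, iterations_used, converged).
    """
    idx = {name: i for i, name in enumerate(concepts)}
    state = [0.0] * len(concepts)
    clamped = set()
    for name, conf in evidence.items():
        state[idx[name]] = saturate(conf)
        clamped.add(idx[name])
    for it in range(1, max_iter + 1):
        nxt = fcm_step(state, weights, clamped)
        delta = max(abs(a - b) for a, b in zip(nxt, state))
        state = nxt
        if delta < tol:
            return dict(zip(concepts, state)), it, True
    # A map with feedback loops may oscillate instead of settling; report that.
    return dict(zip(concepts, state)), max_iter, False


def contributions(state, target, weights=WEIGHTS, concepts=CONCEPTS):
    """Rank which concepts causally support `target` in the settled map.

    Returns [(concept, state[concept] * W[concept][target])] sorted by
    contribution; this is the correlation output an analyst would read.
    """
    t = concepts.index(target)
    rows = [(c, state[c] * weights[i][t])
            for i, c in enumerate(concepts) if weights[i][t] != 0.0]
    return sorted(rows, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    # Constructed sensor observations: a scan seen with high confidence and an
    # exploit signature with moderate confidence; no privilege alert observed.
    observed = {"recon_alert": 0.9, "exploit_alert": 0.7}
    final, iters, ok = fcm_infer(observed)
    print(f"settled after {iters} iterations (converged={ok})")
    for name, value in final.items():
        print(f"  {name:18s} {value:.3f}")
    print("causal support for host_compromised:")
    for name, weight in contributions(final, "host_compromised"):
        print(f"  {name:18s} {weight:.3f}")
```

With the constructed weights the map is acyclic, so it settles in a few steps: the unobserved `privilege_alert` concept is inferred at 0.49 from the exploit alert, and `host_compromised` reaches about 0.92, with the inferred privilege concept ranked as its strongest support. Clamping evidence nodes is a design choice: it keeps sensor-reported confidences from being overwritten by the map's own dynamics, and passing an observed confidence of 0.0 for a concept explicitly records that the sensor saw nothing rather than leaving the concept to be inferred.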

This work is supported by NSF Cyber Trust Program Grant No. SCI-0430354, NSA IASP Grant No. H98230-04-1-0205, Office of Naval Research Grant No. N00014-01-1-0678, and the Department of Computer Science and Engineering Center for Computer Security Research at Mississippi State University (http://www.cs.msstate.edu/~security).




Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Siraj, A., Vaughn, R.B. (2005). A Cognitive Model for Alert Correlation in a Distributed Environment. In: Kantor, P., et al. Intelligence and Security Informatics. ISI 2005. Lecture Notes in Computer Science, vol 3495. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11427995_18


  • DOI: https://doi.org/10.1007/11427995_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-25999-2

  • Online ISBN: 978-3-540-32063-0

  • eBook Packages: Computer Science (R0)
