Security Alert Correlation Using Growing Neural Gas

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6694)

Abstract

The use of alert correlation methods in Distributed Intrusion Detection Systems (DIDS) has become an important process to address some of the current problems in this area. However, the efficiency obtained is still far from optimal. This paper presents a novel approach based on the integration of multiple correlation methods using the Growing Neural Gas (GNG) neural network. Moreover, since correlation systems have different detection capabilities, we have modified the learning algorithm to positively weight the best-performing systems. The results show the validity of the proposal, both the multiple-integration approach using the GNG neural network and the weighting based on efficiency.



Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Mora-Gimeno, F.J., Maciá-Pérez, F., Lorenzo-Fonseca, I., Gil-Martínez-Abarca, J.A., Marcos-Jorquera, D., Gilart-Iglesias, V. (2011). Security Alert Correlation Using Growing Neural Gas. In: Herrero, Á., Corchado, E. (eds) Computational Intelligence in Security for Information Systems. Lecture Notes in Computer Science, vol 6694. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21323-6_10

  • DOI: https://doi.org/10.1007/978-3-642-21323-6_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-21322-9

  • Online ISBN: 978-3-642-21323-6

  • eBook Packages: Computer Science, Computer Science (R0)
