Analyzing Alert Correlation in Intrusion Detection Systems

Amir Haeri, Maryam | 2009

Type of Document: M.Sc. Thesis
Language: Farsi
Document No: 39704 (19)
University: Sharif University of Technology
Department: Computer Engineering
Advisor(s): Jalili, Rasool

Abstract:
Intrusion Detection Systems (IDSs) are among the most widely used security tools in computer networks. While they are a promising technology, they have some serious drawbacks: when deployed in large, high-traffic networks, IDSs generate high volumes of low-level alerts that are hard to manage. In addition, IDSs usually generate redundant or even irrelevant (false) alerts. One technique proposed to overcome these drawbacks is alert correlation, which extracts useful, high-level alerts and helps in making timely decisions when a security breach occurs. This thesis surveys current alert correlation techniques and also introduces a real-time, data-mining-based algorithm for alert correlation. In this algorithm, the alert stream is broken into windows, and frequent patterns are mined in each window. Among these frequent patterns, we select those whose alerts are correlated according to a causal correlation matrix (CCM). The selected patterns are then correlated with previously correlated frequent patterns, so the attack scenario is constructed incrementally. In addition, our knowledge of the correlation value between alerts is updated during the correlation process. The algorithm has relatively good performance, both in speed and in memory consumption. We evaluated the algorithm on the DARPA 2000 dataset, and the results show that it detects attack scenarios correctly.

Keywords:
Alert Correlation ; Data Mining ; Intrusion Detection System ; Correlated Frequent Pattern ; Stream Mining
