Data Stream Intrusion Alert Aggregation for Online and Offline

In this paper, the authors present an efficient intrusion alert aggregation strategy for distributed heterogeneous sources. The primary objective is to generate meta-alerts with a probabilistic technique that supports both offline and online alert aggregation. The proposed approach has two distinct properties. First, it is a generative modeling approach using probabilistic methods: attack instances are regarded as random processes producing alerts, and these processes are modeled using approximate maximum likelihood parameter estimation techniques, so that the beginning as well as the completion of attack instances can be detected. Second, it is a data stream approach, i.e., each observed alert is processed only a few times, so it can be applied online and under harsh timing constraints.
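The following is an added illustration of the idea described above and is not code from the paper: each open attack instance is a generative model (smoothed categorical estimates per alert field plus an exponential inter-arrival term) whose parameters are approximate maximum likelihood estimates from the alerts it absorbed, the stream is consumed in one pass, a new instance marks a detected attack start, and an idle timeout marks its completion. The alert fields, the thresholds ALPHA, NEW_LL and IDLE_S, and the sample stream are all assumptions.

```python
import math

# Constructed sample stream, not taken from the paper: (time_s, src, dst, signature)
ALERTS = [
    (0.0, "10.0.0.5", "10.0.0.9", "PORTSCAN"),
    (1.0, "10.0.0.5", "10.0.0.9", "PORTSCAN"),
    (2.0, "10.0.0.5", "10.0.0.9", "PORTSCAN"),
    (2.5, "10.0.0.7", "10.0.0.9", "SQLI"),
    (3.0, "10.0.0.5", "10.0.0.9", "PORTSCAN"),
    (40.0, "10.0.0.7", "10.0.0.9", "SQLI"),
]
FIELDS = ("src", "dst", "sig")
ALPHA = 0.05   # pseudo-count for the categorical estimates (assumption)
NEW_LL = -6.0  # open a new attack instance below this log-likelihood (assumption)
IDLE_S = 20.0  # an instance is complete after this many idle seconds (assumption)

class Instance:
    """One hypothesised attack instance: a random process emitting alerts."""
    def __init__(self, t, attrs):
        self.first, self.last, self.n, self.closed = t, t, 0, False
        self.counts = {f: {} for f in FIELDS}  # per-field value counts (ML estimates)
        self.absorb(t, attrs)
    def absorb(self, t, attrs):
        for f, v in zip(FIELDS, attrs):
            self.counts[f][v] = self.counts[f].get(v, 0) + 1
        self.n, self.last = self.n + 1, t
    def log_lik(self, t, attrs):
        """Approximate ML log-likelihood that this instance produced the alert."""
        ll = 0.0
        for f, v in zip(FIELDS, attrs):  # smoothed categorical estimate per field
            c = self.counts[f]
            ll += math.log((c.get(v, 0) + ALPHA) / (self.n + ALPHA * (len(c) + 1)))
        rate = self.n / (self.last - self.first + 1.0)  # alerts per second, smoothed
        return ll + math.log(rate) - rate * (t - self.last)  # exponential gap term

def aggregate(alerts):
    """One pass over the stream; returns ((event, instance_id, time) list, instances)."""
    instances, events = [], []
    for t, *attrs in alerts:
        for i, inst in enumerate(instances):  # completion: no alerts for IDLE_S
            if not inst.closed and t - inst.last > IDLE_S:
                inst.closed = True
                events.append(("COMPLETE", i, inst.last))
        scores = [(inst.log_lik(t, attrs), i) for i, inst in enumerate(instances) if not inst.closed]
        best_ll, best = max(scores, default=(NEW_LL, None))
        if best is None or best_ll <= NEW_LL:  # no instance explains it: attack start
            instances.append(Instance(t, attrs))
            events.append(("START", len(instances) - 1, t))
        else:
            instances[best].absorb(t, attrs)
    return events, instances
```

On the sample stream this opens a PORTSCAN instance at t=0, a separate SQLI instance at t=2.5, reports both complete once the stream has advanced past their idle window, and opens a third instance for the late SQLI alert at t=40.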

Provided by: International Journal on Computer Science and Technology (IJCST)
Topic: Security
Date Added: Sep 2012
Format: PDF