A Unified Alert Fusion Model For Intelligent Analysis Of Sensor Data In An Intrusion Detection Environment

A Unified Alert Fusion Model for Intelligent Analysis of Sensor Data in an Intrusion Detection Environment

The need for higher-level reasoning capabilities beyond low-level sensor abilities has prompted researchers to use different types of sensor fusion techniques for better situational awareness in the intrusion detection environment. These techniques primarily vary in terms of their mission objectives: some prioritize alerts for alert reduction, some cluster alerts to identify common attack patterns, and some correlate alerts to identify multi-staged attacks. Each of these tasks has its own merits. Unlike previous efforts in this area, this dissertation combines the primary tasks of sensor alert fusion, i.e., alert prioritization, alert clustering and alert correlation, into a single framework such that the individual results are used to quantify a confidence score as an overall assessment for global diagnosis of a system's security health. Such a framework is especially useful in a multi-sensor environment where the sensors can collaborate with or complement each other to provide increased reliability, making it essential that the outputs of the sensors are fused in an effective manner in order to provide an improved understanding of the security status of the protected resources in the distributed environment. This dissertation uses a possibilistic approach to intelligent fusion of sensor alerts with Fuzzy Cognitive Modeling in order to accommodate the imprecision and vagueness in knowledge-based reasoning. We show that our unified architecture for sensor fusion provides better insight into the security health of systems. A new multi-level alert clustering method is developed to accommodate inexact matching in alert features and is shown to provide relevance to more alerts than traditional exact clustering. Alert correlation with a new abstract incident modeling technique is shown to deal with the scalability and uncertainty issues present in traditional alert correlation.
New concepts of dynamic fusion are presented for overall situation assessment, which a) in the case of misuse sensors, combine the results of alert clustering and alert correlation, and b) in the case of anomaly sensors, corroborate evidence from primary and secondary sensors for deriving the final conclusion on the systems' security health.
Network Traffic Anomaly Detection and Prevention

This indispensable text/reference presents a comprehensive overview of the detection and prevention of anomalies in computer network traffic, from coverage of the fundamental theoretical concepts to in-depth analysis of systems and methods. Readers will benefit from invaluable practical guidance on how to design an intrusion detection technique and incorporate it into a system, as well as on how to analyze and correlate alerts without prior information. Topics and features: introduces the essentials of traffic management in high-speed networks, detailing types of anomalies, network vulnerabilities, and a taxonomy of network attacks; describes a systematic approach to generating large network intrusion datasets, and reviews existing synthetic, benchmark, and real-life datasets; provides a detailed study of network anomaly detection techniques and systems under six different categories: statistical, classification, knowledge-based, cluster and outlier detection, soft computing, and combination learners; examines alert management and anomaly prevention techniques, including alert preprocessing, alert correlation, and alert post-processing; presents a hands-on approach to developing network traffic monitoring and analysis tools, together with a survey of existing tools; discusses various evaluation criteria and metrics, covering issues of accuracy, performance, completeness, timeliness, reliability, and quality; reviews open issues and challenges in network traffic anomaly detection and prevention. This informative work is ideal for graduate and advanced undergraduate students interested in network security and privacy, intrusion detection systems, and data mining in security. Researchers and practitioners specializing in network security will also find the book to be a useful reference.
Intelligence and Security Informatics

Author: Paul Kantor
language: en
Publisher: Springer Science & Business Media
Release Date: 2005-05-12
This book constitutes the refereed proceedings of the IEEE International Conference on Intelligence and Security Informatics, ISI 2005, held in Atlanta, GA, USA in May 2005. The 28 revised full papers, 34 revised short papers, and 32 poster abstracts presented were carefully reviewed and selected for inclusion in the book. The papers are organized in topical sections on data and text mining, infrastructure protection and emergency response, information management and security education, deception detection and authorship analysis, monitoring and surveillance, and terrorism informatics.