吉林大学学报(工学版) (Journal of Jilin University, Engineering and Technology Edition), 2015, Vol. 45, Issue 3: 899-906. doi: 10.13229/j.cnki.jdxbgxb201503031

Intrusion alert correlation model based on data mining and ontology

REN Wei-wu, HU Liang, ZHAO Kuo

College of Computer Science and Technology, Jilin University, Changchun 130022, China

Received: 2013-08-21; Online: 2015-05-01; Published: 2015-05-01

Abstract: As network applications have developed, attack patterns have evolved from the coarse, single-step patterns of the early days into sophisticated multi-step attacks. To compensate for the shortcomings of intrusion detection technology, an intrusion alert correlation model based on data mining and ontology (IACMDO) is proposed. IACMDO processes low-level alerts through clustering and classification, and builds an attack knowledge model with an ontology, thereby realizing the detection, tracing and prediction of multi-step attacks. Simulations on the KDD Cup 1999 and DARPA 2000 datasets show that the model improves the performance of a traditional IDS, which verifies the effectiveness of the proposed alert correlation model.

Key words: computer engineering, intrusion detection, intrusion alert correlation, data mining, ontology

CLC Number: TP309.5