Journal of Jilin University Science Edition

An Intrusion Alert Correlation Model Based on Data Mining

YU Xiaodi1, Nurbol2, HU Liang1, XIE Nannan1   

  1. College of Computer Science and Technology, Jilin University, Changchun 130012, China
  2. College of Information Science and Engineering, Xinjiang University, Urumqi 830046, China
  • Received: 2012-08-11 Online: 2013-09-26 Published: 2013-09-17
  • Contact: XIE Nannan E-mail: xienn1113@163.com

Abstract:

Building on research in traditional network intrusion detection, we propose a multistep intrusion alert collaborative model based on data mining. The model integrates the alert information of several intrusion detection systems and analyses the massive, disordered alerts to find the relationships among them, so that attack alerts can be simplified and multistep intrusions in the integrated alert information can be found through a constantly updated knowledge database. Comparison with the existing model shows that this model's correlation analysis method and its construction of a multistep intrusion knowledge base help to combine the characteristics of different systems and thereby realize multistep intrusion alert collaboration.

Key words: data mining, anomaly detection, multistep intrusion, alert correlation model

CLC Number: 

  • TP309.2