Journal of Northeastern University ›› 2005, Vol. 26 ›› Issue (11): 27-30.DOI: -


Algorithm to mine and analyze intrusion alert patterns

Dong, Xiao-Mei (1); Yu, Ge (1)   

  1. (1) School of Information Science and Engineering, Northeastern University, Shenyang 110004, China
  • Received: 2013-06-24 Revised: 2013-06-24 Online: 2005-11-15 Published: 2013-06-24
  • Contact: Dong, X.-M.

Abstract: To effectively reduce the frequency of alerts and extract useful information from them, an algorithm was proposed to mine and analyze the patterns of intrusion alert streams on the basis of the CLOSET algorithm. In a distributed intrusion detection system, the algorithm helps the response component mine and analyze the alerts received from its detection components, especially their frequent closed patterns, so that it can respond according to those patterns. To find latent intrusions, the intrusion detection message exchange format (IDMEF) was extended with a proposed concept of suspicion level. To further study those alerts that are highly suspicious but less frequent, the algorithm above was improved by adding a lowest-suspicion-level parameter to it. Experimental results showed that both algorithms are effective in reducing the frequency of alerts, but the improved one is better at mining useful information.
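The following is an added illustration, not code from the paper: it mines frequent closed patterns from constructed alert records (each a set of attribute items plus a suspicion level, modelling the IDMEF extension) and shows how a lowest-suspicion-level threshold lets a rare but highly suspicious pattern survive a minimum-support cut that would otherwise drop it. The enumeration is brute force rather than the FP-tree search CLOSET uses, and the attribute names, values and suspicion scale are assumptions.

```python
from itertools import combinations
from collections import Counter

# Constructed sample alert stream (not from the paper). Each alert is a set of
# attribute items and an assumed suspicion level (higher = more suspicious).
ALERTS = [
    ({"src=10.0.0.5", "dst=10.0.0.1", "sig=portscan"}, 2),
    ({"src=10.0.0.5", "dst=10.0.0.1", "sig=portscan"}, 2),
    ({"src=10.0.0.5", "dst=10.0.0.1", "sig=portscan"}, 2),
    ({"src=10.0.0.5", "dst=10.0.0.2", "sig=portscan"}, 2),
    ({"src=10.0.0.7", "dst=10.0.0.1", "sig=bufoverflow"}, 9),
    ({"src=10.0.0.7", "dst=10.0.0.3", "sig=bufoverflow"}, 9),
]


def closed_frequent_patterns(alerts, min_support, min_suspicion=0):
    """Return {pattern: support} for every frequent closed pattern.

    A pattern (frozenset of items) is frequent if at least min_support alerts
    contain it, and closed if no proper superset has the same support.
    Alerts below min_suspicion are discarded first; this models the
    lowest-suspicion-level parameter of the improved algorithm (assumed
    semantics). min_suspicion=0 gives the plain, unfiltered mining.
    """
    txns = [items for items, level in alerts if level >= min_suspicion]
    support = Counter()
    for items in txns:
        for k in range(1, len(items) + 1):
            for combo in combinations(sorted(items), k):
                support[frozenset(combo)] += 1
    frequent = {p: s for p, s in support.items() if s >= min_support}
    # Keep only closed patterns: no frequent proper superset with equal support.
    return {p: s for p, s in frequent.items()
            if not any(q > p and frequent[q] == s for q in frequent)}


if __name__ == "__main__":
    # Plain mining at support 3 keeps the noisy portscan patterns only.
    for pattern, sup in closed_frequent_patterns(ALERTS, 3).items():
        print("plain   ", sup, sorted(pattern))
    # Restricting to alerts with suspicion >= 5 recovers the rare overflow pattern.
    for pattern, sup in closed_frequent_patterns(ALERTS, 2, 5).items():
        print("improved", sup, sorted(pattern))
```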
