Mu Chengpo, Huang Houkuan, Tian Shengfeng, Lin Youfang, and Qin Yuanhui. Intrusion-Detection Alerts Processing Based on Fuzzy Comprehensive Evaluation[J]. Journal of Computer Research and Development, 2005, 42(10): 1679-1685.

Intrusion-Detection Alerts Processing Based on Fuzzy Comprehensive Evaluation

  • Published Date: October 14, 2005
  • An algorithm based on fuzzy comprehensive evaluation is presented for correlating the alerts produced by intrusion detection systems. The paper also gives an approach for learning a confidence metric for each type of alert, which can be used to filter alerts further. Using the correlation algorithm together with the confidence learning method significantly reduces false positive and duplicate alerts, and gradually reduces the workload of network administrators. In addition, the correlated alerts help to capture the logical steps or strategies behind attacks and to choose appropriate actions to stop ongoing attacks. The approach can potentially be used to integrate different kinds of security tools in order to realize cooperative defence for network systems.