Enhanced Alert Correlation Framework for Heterogeneous Log
Management of intrusion alarms particularly in identifying malware attack is becoming more demanding due to large amount of alert produced by low-level detectors. Alert correlation can provide high-level view of intrusion alerts but incapable of handling large amount of alarm. This paper proposes an...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Conference or Workshop Item |
| Language: | en |
| Published: |
2011
|
| Subjects: | |
| Online Access: | http://eprints.utem.edu.my/id/eprint/80/1/Enhanced_ACF_for_Heterogeneous_log-id_47_camera_ready.pdf http://eprints.utem.edu.my/id/eprint/80/ http://www.sdiwc.net/kl/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832715930108428288 |
|---|---|
| author | Yusof, R. Selamat, S. R. Sahib, S. Mas'ud, M. Z. Abdollah, M. F. |
| author_facet | Yusof, R. Selamat, S. R. Sahib, S. Mas'ud, M. Z. Abdollah, M. F. |
| author_sort | Yusof, R. |
| building | UTEM Library |
| collection | Institutional Repository |
| content_provider | Universiti Teknikal Malaysia Melaka |
| content_source | UTEM Institutional Repository |
| continent | Asia |
| country | Malaysia |
| description | Management of intrusion alarms particularly in identifying malware attack is becoming more demanding due to large amount of alert produced by low-level detectors. Alert correlation can provide high-level view of intrusion alerts but incapable of handling large amount of alarm. This paper proposes an enhanced Alert Correlation Framework for sensors and heterogeneous log. It can reduce the large amount of false alarm and identify the perspective of the attack. This framework is mainly focusing on the alert correlation module which consists of Alarm Thread Reconstruction, Log Thread Reconstruction, Attack Session Reconstruction, Alarm Merging and Attack Pattern Identification module. It is evaluated using metric for effectiveness that shows high correlation rate, reduction rate, identification rate and low misclassification rate. Meanwhile in statistical validation it has highly significance result with p < 0.05. This enhanced Alert Correlation Framework can be extended into research areas in alert correlation and computer forensic investigation. |
| format | Conference or Workshop Item |
| id | my.utem.eprints-80 |
| institution | Universiti Teknikal Malaysia Melaka |
| language | en |
| publishDate | 2011 |
| record_format | eprints |
| spelling | my.utem.eprints-802015-05-28T02:16:40Z http://eprints.utem.edu.my/id/eprint/80/ Enhanced Alert Correlation Framework for Heterogeneous Log Yusof, R. Selamat, S. R. Sahib, S. Mas'ud, M. Z. Abdollah, M. F. Q Science (General) Management of intrusion alarms particularly in identifying malware attack is becoming more demanding due to large amount of alert produced by low-level detectors. Alert correlation can provide high-level view of intrusion alerts but incapable of handling large amount of alarm. This paper proposes an enhanced Alert Correlation Framework for sensors and heterogeneous log. It can reduce the large amount of false alarm and identify the perspective of the attack. This framework is mainly focusing on the alert correlation module which consists of Alarm Thread Reconstruction, Log Thread Reconstruction, Attack Session Reconstruction, Alarm Merging and Attack Pattern Identification module. It is evaluated using metric for effectiveness that shows high correlation rate, reduction rate, identification rate and low misclassification rate. Meanwhile in statistical validation it has highly significance result with p < 0.05. This enhanced Alert Correlation Framework can be extended into research areas in alert correlation and computer forensic investigation. 2011-11-14 Conference or Workshop Item NonPeerReviewed application/pdf en http://eprints.utem.edu.my/id/eprint/80/1/Enhanced_ACF_for_Heterogeneous_log-id_47_camera_ready.pdf Yusof, R. and Selamat, S. R. and Sahib, S. and Mas'ud, M. Z. and Abdollah, M. F. (2011) Enhanced Alert Correlation Framework for Heterogeneous Log. In: The International Conference on Informatics Engineering & Information Science (ICIEIS2011), Nov. 14-16, 2011, University Technology Malaysia, KL Malaysia. (In Press) http://www.sdiwc.net/kl/ |
| spellingShingle | Q Science (General) Yusof, R. Selamat, S. R. Sahib, S. Mas'ud, M. Z. Abdollah, M. F. Enhanced Alert Correlation Framework for Heterogeneous Log |
| title | Enhanced Alert Correlation Framework for Heterogeneous Log |
| title_full | Enhanced Alert Correlation Framework for Heterogeneous Log |
| title_fullStr | Enhanced Alert Correlation Framework for Heterogeneous Log |
| title_full_unstemmed | Enhanced Alert Correlation Framework for Heterogeneous Log |
| title_short | Enhanced Alert Correlation Framework for Heterogeneous Log |
| title_sort | enhanced alert correlation framework for heterogeneous log |
| topic | Q Science (General) |
| url | http://eprints.utem.edu.my/id/eprint/80/1/Enhanced_ACF_for_Heterogeneous_log-id_47_camera_ready.pdf http://eprints.utem.edu.my/id/eprint/80/ http://www.sdiwc.net/kl/ |
| url_provider | http://eprints.utem.edu.my/ |