Study of an intrusion event correlation method based on interactive knowledge discovery

Hui Li; Chong Zhao Han; Qing Hua Zheng; Xin Zan

Study of an intrusion event correlation method based on interactive knowledge discovery

Hui Li
, Chong Zhao Han
, Qing Hua Zheng
, Xin Zan

Faculty of Electronic and Information Engineering

Xi'an Jiaotong University

Research output: Contribution to journal › Article › peer-review

3 Scopus citations

Abstract

On the basis of analyzing the evolution and drawbacks of current intrusion detection systems (IDS), a novel intrusion event correlation system (ECS) based on interactive knowledge discovery is proposed. ECS is composed of off-line part and on-line part. As the former, FP_Tree and WINEPI algorithms are first introduced to implement interactive knowledge discovery for intrusion events correlation. And the discovered frequent patterns and sequence patterns are converted into associative rules for the inference of intrusion events. As the online part of the ECS, embedded CLIPS inference engine is employed to do event correlation, based on priori knowledge and the associative rules discovered above. Application of the ECS in the integrated network security monitor and defense system named Net-Keeper shows that the proposed system is an open and efficient intrusion event correlation engine.

Original language	English
Pages (from-to)	1911-1918
Number of pages	8
Journal	Jisuanji Yanjiu yu Fazhan/Computer Research and Development
Volume	41
Issue number	11
State	Published - Nov 2004

Keywords

Computer network security
Expert system
Interactive knowledge discovery
Intrusion detection

Cite this

@article{687957e16de5412c9a0ba74207c746ee,

title = "Study of an intrusion event correlation method based on interactive knowledge discovery",

abstract = "On the basis of analyzing the evolution and drawbacks of current intrusion detection systems (IDS), a novel intrusion event correlation system (ECS) based on interactive knowledge discovery is proposed. ECS is composed of off-line part and on-line part. As the former, FP\_Tree and WINEPI algorithms are first introduced to implement interactive knowledge discovery for intrusion events correlation. And the discovered frequent patterns and sequence patterns are converted into associative rules for the inference of intrusion events. As the online part of the ECS, embedded CLIPS inference engine is employed to do event correlation, based on priori knowledge and the associative rules discovered above. Application of the ECS in the integrated network security monitor and defense system named Net-Keeper shows that the proposed system is an open and efficient intrusion event correlation engine.",

keywords = "Computer network security, Expert system, Interactive knowledge discovery, Intrusion detection",

author = "Hui Li and Han, \{Chong Zhao\} and Zheng, \{Qing Hua\} and Xin Zan",

year = "2004",

month = nov,

language = "英语",

volume = "41",

pages = "1911--1918",

journal = "Jisuanji Yanjiu yu Fazhan/Computer Research and Development",

issn = "1000-1239",

publisher = "Science Press ",

number = "11",

}

TY - JOUR

T1 - Study of an intrusion event correlation method based on interactive knowledge discovery

AU - Li, Hui

AU - Han, Chong Zhao

AU - Zheng, Qing Hua

AU - Zan, Xin

PY - 2004/11

Y1 - 2004/11

N2 - On the basis of analyzing the evolution and drawbacks of current intrusion detection systems (IDS), a novel intrusion event correlation system (ECS) based on interactive knowledge discovery is proposed. ECS is composed of off-line part and on-line part. As the former, FP_Tree and WINEPI algorithms are first introduced to implement interactive knowledge discovery for intrusion events correlation. And the discovered frequent patterns and sequence patterns are converted into associative rules for the inference of intrusion events. As the online part of the ECS, embedded CLIPS inference engine is employed to do event correlation, based on priori knowledge and the associative rules discovered above. Application of the ECS in the integrated network security monitor and defense system named Net-Keeper shows that the proposed system is an open and efficient intrusion event correlation engine.

AB - On the basis of analyzing the evolution and drawbacks of current intrusion detection systems (IDS), a novel intrusion event correlation system (ECS) based on interactive knowledge discovery is proposed. ECS is composed of off-line part and on-line part. As the former, FP_Tree and WINEPI algorithms are first introduced to implement interactive knowledge discovery for intrusion events correlation. And the discovered frequent patterns and sequence patterns are converted into associative rules for the inference of intrusion events. As the online part of the ECS, embedded CLIPS inference engine is employed to do event correlation, based on priori knowledge and the associative rules discovered above. Application of the ECS in the integrated network security monitor and defense system named Net-Keeper shows that the proposed system is an open and efficient intrusion event correlation engine.

KW - Computer network security

KW - Expert system

KW - Interactive knowledge discovery

KW - Intrusion detection

UR - https://www.scopus.com/pages/publications/10444242502

M3 - 文章

AN - SCOPUS:10444242502

SN - 1000-1239

VL - 41

SP - 1911

EP - 1918

JO - Jisuanji Yanjiu yu Fazhan/Computer Research and Development

JF - Jisuanji Yanjiu yu Fazhan/Computer Research and Development

IS - 11

ER -

Study of an intrusion event correlation method based on interactive knowledge discovery

Abstract

Keywords

Other files and links

Fingerprint

Cite this