Network Security Situation Awareness Based on Spatio-temporal Correlation of Alarms

Zehua Ren; Yang Liu; Huixiang Liu; Baoxiang Jiang; Xiangzhen Yao; Lin Li; Haiwen Yang; Ting Liu

doi:10.1109/INFOCOMWKSHPS54753.2022.9798168

Network Security Situation Awareness Based on Spatio-temporal Correlation of Alarms

Zehua Ren
, Yang Liu
, Huixiang Liu
, Baoxiang Jiang
, Xiangzhen Yao
, Lin Li
, Haiwen Yang
, Ting Liu

电子与信息学部

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

2 引用（Scopus）

摘要

Traditional intrusion detection systems often deal with massive alarms based on specific filtering rules, which is complex and inexplicable. In this demo, we developed a network security situation awareness (NSSA) system based on the spatiotemporal correlation of alarms. It can monitor the security situation from the temporal dimension and discover abnormal events based on the time series of alarms. Also, it can analyze alarms from the spatial dimension on the heterogeneous alarm graph and handle alarms in batches of events. With this system, system operators can filter most irrelevant alarms quickly and efficiently. The rich visualization of alarm data could also help find hidden high-risk attack behaviors.

源语言	英语
主期刊名	INFOCOM WKSHPS 2022 - IEEE Conference on Computer Communications Workshops
出版商	Institute of Electrical and Electronics Engineers Inc.
ISBN（电子版）	9781665409261
DOI	https://doi.org/10.1109/INFOCOMWKSHPS54753.2022.9798168
出版状态	已出版 - 2022
活动	2022 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2022 - Virtual, Online, 美国期限: 2 5月 2022 → 5 5月 2022

出版系列

姓名	INFOCOM WKSHPS 2022 - IEEE Conference on Computer Communications Workshops

会议

会议	2022 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2022
国家/地区	美国
市	Virtual, Online
时期	2/05/22 → 5/05/22

访问文件

10.1109/INFOCOMWKSHPS54753.2022.9798168

其它文件与链接

链接到 Scopus 的出版物

引用此

Ren, Z., Liu, Y., Liu, H., Jiang, B., Yao, X., Li, L., Yang, H., & Liu, T. (2022). Network Security Situation Awareness Based on Spatio-temporal Correlation of Alarms. 在 INFOCOM WKSHPS 2022 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS 2022 - IEEE Conference on Computer Communications Workshops). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/INFOCOMWKSHPS54753.2022.9798168

@inproceedings{8ef88cc8f8dd44989b1e9f83780f0986,

title = "Network Security Situation Awareness Based on Spatio-temporal Correlation of Alarms",

abstract = "Traditional intrusion detection systems often deal with massive alarms based on specific filtering rules, which is complex and inexplicable. In this demo, we developed a network security situation awareness (NSSA) system based on the spatiotemporal correlation of alarms. It can monitor the security situation from the temporal dimension and discover abnormal events based on the time series of alarms. Also, it can analyze alarms from the spatial dimension on the heterogeneous alarm graph and handle alarms in batches of events. With this system, system operators can filter most irrelevant alarms quickly and efficiently. The rich visualization of alarm data could also help find hidden high-risk attack behaviors.",

keywords = "Community Discovery, Pattern Matching, Situation Awareness, Spatio-temporal Correlation, Subgraph Mining",

author = "Zehua Ren and Yang Liu and Huixiang Liu and Baoxiang Jiang and Xiangzhen Yao and Lin Li and Haiwen Yang and Ting Liu",

note = "Publisher Copyright: {\textcopyright} 2022 IEEE.; 2022 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2022 ; Conference date: 02-05-2022 Through 05-05-2022",

year = "2022",

doi = "10.1109/INFOCOMWKSHPS54753.2022.9798168",

language = "英语",

series = "INFOCOM WKSHPS 2022 - IEEE Conference on Computer Communications Workshops",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "INFOCOM WKSHPS 2022 - IEEE Conference on Computer Communications Workshops",

}

Ren, Z, Liu, Y, Liu, H, Jiang, B, Yao, X, Li, L, Yang, H & Liu, T 2022, Network Security Situation Awareness Based on Spatio-temporal Correlation of Alarms. 在 INFOCOM WKSHPS 2022 - IEEE Conference on Computer Communications Workshops. INFOCOM WKSHPS 2022 - IEEE Conference on Computer Communications Workshops, Institute of Electrical and Electronics Engineers Inc., 2022 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2022, Virtual, Online, 美国, 2/05/22. https://doi.org/10.1109/INFOCOMWKSHPS54753.2022.9798168

Network Security Situation Awareness Based on Spatio-temporal Correlation of Alarms. / Ren, Zehua; Liu, Yang; Liu, Huixiang 等.
INFOCOM WKSHPS 2022 - IEEE Conference on Computer Communications Workshops. Institute of Electrical and Electronics Engineers Inc., 2022. (INFOCOM WKSHPS 2022 - IEEE Conference on Computer Communications Workshops).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - Network Security Situation Awareness Based on Spatio-temporal Correlation of Alarms

AU - Ren, Zehua

AU - Liu, Yang

AU - Liu, Huixiang

AU - Jiang, Baoxiang

AU - Yao, Xiangzhen

AU - Li, Lin

AU - Yang, Haiwen

AU - Liu, Ting

PY - 2022

Y1 - 2022

N2 - Traditional intrusion detection systems often deal with massive alarms based on specific filtering rules, which is complex and inexplicable. In this demo, we developed a network security situation awareness (NSSA) system based on the spatiotemporal correlation of alarms. It can monitor the security situation from the temporal dimension and discover abnormal events based on the time series of alarms. Also, it can analyze alarms from the spatial dimension on the heterogeneous alarm graph and handle alarms in batches of events. With this system, system operators can filter most irrelevant alarms quickly and efficiently. The rich visualization of alarm data could also help find hidden high-risk attack behaviors.

AB - Traditional intrusion detection systems often deal with massive alarms based on specific filtering rules, which is complex and inexplicable. In this demo, we developed a network security situation awareness (NSSA) system based on the spatiotemporal correlation of alarms. It can monitor the security situation from the temporal dimension and discover abnormal events based on the time series of alarms. Also, it can analyze alarms from the spatial dimension on the heterogeneous alarm graph and handle alarms in batches of events. With this system, system operators can filter most irrelevant alarms quickly and efficiently. The rich visualization of alarm data could also help find hidden high-risk attack behaviors.

KW - Community Discovery

KW - Pattern Matching

KW - Situation Awareness

KW - Spatio-temporal Correlation

KW - Subgraph Mining

UR - https://www.scopus.com/pages/publications/85133937030

U2 - 10.1109/INFOCOMWKSHPS54753.2022.9798168

DO - 10.1109/INFOCOMWKSHPS54753.2022.9798168

M3 - 会议稿件

AN - SCOPUS:85133937030

T3 - INFOCOM WKSHPS 2022 - IEEE Conference on Computer Communications Workshops

BT - INFOCOM WKSHPS 2022 - IEEE Conference on Computer Communications Workshops

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2022 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2022

Y2 - 2 May 2022 through 5 May 2022

ER -

Ren Z, Liu Y, Liu H, Jiang B, Yao X, Li L 等. Network Security Situation Awareness Based on Spatio-temporal Correlation of Alarms. 在 INFOCOM WKSHPS 2022 - IEEE Conference on Computer Communications Workshops. Institute of Electrical and Electronics Engineers Inc. 2022. (INFOCOM WKSHPS 2022 - IEEE Conference on Computer Communications Workshops). doi: 10.1109/INFOCOMWKSHPS54753.2022.9798168

Network Security Situation Awareness Based on Spatio-temporal Correlation of Alarms

摘要

出版系列

会议

访问文件

其它文件与链接

学术指纹

引用此