An Alert Correlation and Analysis Algorithm Based on Frequent Pattern Mining

DONG Xiao-mei; YU Ge; SUN Jing-ru; WANG Li-na

您当前的位置：

首页 >

文章列表页 >

An Alert Correlation and Analysis Algorithm Based on Frequent Pattern Mining

更新时间：2025-07-16

- An Alert Correlation and Analysis Algorithm Based on Frequent Pattern Mining
- Acta Electronica Sinica Vol. 33, Issue 8, Pages: 1356-1359(2005)
- 作者机构：
  
  1. 东北大学信息科学与工程学院,辽宁,沈阳,110004
  2. 武汉大学计算机学院,湖北,武汉,430072
  3. 东北大学信息科学与工程学院辽宁沈阳,110004
  4. 武汉大学计算机学院湖北武汉,430072
- 作者简介：
- 基金信息：
- DOI：
  CLC： TP393.08
- Published：2005
- 稿件说明：
移动端阅览
DONG Xiao-mei, YU Ge, SUN Jing-ru, et al. An Alert Correlation and Analysis Algorithm Based on Frequent Pattern Mining[J]. Acta Electronica Sinica, 2005, 33(8): 1356-1359.
DOI：

DONG Xiao-mei, YU Ge, SUN Jing-ru, et al. An Alert Correlation and Analysis Algorithm Based on Frequent Pattern Mining[J]. Acta Electronica Sinica, 2005, 33(8): 1356-1359. DOI：

摘要

提出了一个入侵检测与响应协作模型

结合入侵容忍的思想扩展了入侵检测消息交换格式IDMEF

增加了怀疑度属性.除了发现的入侵事件外

一些可疑的事件也会报告给协作部件.提出了一个基于修改的CLOSET频繁闭模式挖掘算法的报警关联与分析算法

在分布式入侵检测与响应协作系统中

帮助协作部件对收到的IDMEF格式的报警消息进行关联和分析

以便做出合适的响应.为此

修改了CLOSET算法来按照最小支持度和最小怀疑度来得到频繁闭模式.实验结果表明

应用该算法可以很好地缩减报警数量

同时对于所有可疑的和入侵事件

都可以做出适宜的响应.

Abstract

An intrusion detection and response cooperation model was proposed.Incorporating the intrusion tolerance idea

the Intrusion Detection Message Exchange Format (IDMEF) was extended and a suspicious degree attribute was added.So suspicious events as well as intrusions can be reported to the cooperation components.An alert correlation and analysis algorithm was proposed

which was based on the modified CLOSET frequent close pattern mining algorithm.The algorithm can help the cooperation components in a distributed intrusion detection and response cooperation system to correlate and analyze the alerts received to make appropriate responses.To meet this purpose

the CLOSET algorithm was modified to obtain frequent close patterns according to a minimum support and a minimum suspicion degree.Experimental results show that when applying the algorithm

the amount of alerts can be effectively decreased.And appropriate responses can be made according to all the suspicious and intrusion events.

关键词

Keywords

references

Views

1003

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Intrusion Detection Method Based on Capsule Network for Industrial Internet

Intrusion Detection Alert Correlation Based on Choquet Fuzzy Integral

Masquerade Detection Based on Shell Commands and High-Order Markov Chain Models

An Algorithm for Frequent Pattern Mining in Biological Networks

A Research and Application of Feature Selection Based on KNN and Tabu Search Algorithm in the Intrusion Detection

Related Author

HU Xiang-dong

LI Zhi-han

Nurbol

CHAI Sheng

LI Hong-wei

HU Liang

XIAO Xi

ZHAI Qi-bin

Related Institution

School of Automation/School of Industrial Internet, Chongqing University of Posts and Telecommunications

Key Laboratory for Symbol Computation and Knowledge Engineering (Jilin University)Ministry of EducationChangchunJilin 130012China

College of Computer Science and Technology Institute,Jilin University

College of Information Science and Engineering,XinJiang University

College of Computer Science and Technology InstituteJilin UniversityChangchunJilin 130012China

⁰