An Efficient Intrusion Alerts Miner for Forensics Readiness in High Speed Networks-Reference-Cited by-同舟云学术

An Efficient Intrusion Alerts Miner for Forensics Readiness in High Speed Networks

Published:2014-01 Issue:1 Volume:8 Page:62-78
ISSN:1930-1650
Container-title:International Journal of Information Security and Privacy
language:en
Short-container-title:

Author:

Akremi Aymen¹,Sallay Hassen²,Rouached Mohsen³

Affiliation:

1. CES Research Unit, National School of Engineers of Sfax, Sfax, Tunisia

2. Al Imam Mohammad Ibn Saud Islamic University. (IMSIU), Riyadh, Saudi Arabia

3. College of Computers and Information Technology, Taif University, Taif, Saudi Arabia

Abstract

Intrusion Detection System is considered as a core tool in the collection of forensically relevant evidentiary data in real or near real time from the network. The emergence of High Speed Network (HSN) and Service oriented architecture/Web Services (SOA/WS) putted the IDS in face of a typical big data management problem. The log files that IDS generates are very enormous making very fastidious and both compute and memory intensive the forensics readiness process. Furthermore the high level rate of wrong alerts complicates the forensics expert alert analysis and it disproves its performance, efficiency and ability to select the best relevant evidences to attribute attacks to criminals. In this context, we propose Alert Miner (AM), an intrusion alert classifier, which classifies efficiently in near real-time the intrusion alerts in HSN for Web services. AM uses an outlier detection technique based on an adaptive deduced association rules set to classify the alerts automatically and without human assistance. AM reduces false positive alerts without losing high sensitivity (up to 95%) and accuracy up to (97%). Therefore AM facilitates the alert analysis process and allows the investigators to focus their analysis on the most critical alerts on near real-time scale and to postpone less critical alerts for an off-line log analysis.

Publisher

IGI Global

Subject

Information Systems

Reference17 articles.

1. Mining association rules between sets of items in large databases

2. Chirkova, A. D. (2007). In Proceedings of the 23rd International Conference on Data Engineering (ICDE 2007). The Marmara Hotel, Istanbul, Turkey: IEEE.

3. Clifton, G. (2000). Developing custom intrusion detection filters using data mining. In 21st Century Military Communications Conference Proceedings (MILCOM 2000).

4. Fayyad, P. U. G.-s. (1996). Knowledge discovery and data mining: Towards a unifying framework. AAAI Press (pp. 82–88).

5. IBM. P. Z. (2011). Understanding big data: Analytics for enterprise class hadoop and streaming data (1st ed.). McGraw-Hill Osborne Media.

Cited by 3 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Applying Digital Forensics to Service Oriented Architecture;International Journal of Web Services Research;2020-01

2. Towards a Built-In Digital Forensics-Aware Framework for Web Services;2015 11th International Conference on Computational Intelligence and Security (CIS);2015-12

3. Intrusion detection alert management for high-speed networks: current researches and applications;Security and Communication Networks;2015-09-15