We apologize for a recent technical issue with our email system, which temporarily affected account activations. Accounts have now been activated. Authors may proceed with paper submissions. PhDFocusTM
CFP last date
20 December 2024
Reseach Article

Intrusion Alert Correlation based on UFP-Growth and Genetic Algorithm

by Anand Jawdekar, Vineet Richariya
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 57 - Number 10
Year of Publication: 2012
Authors: Anand Jawdekar, Vineet Richariya
10.5120/9148-3393

Anand Jawdekar, Vineet Richariya . Intrusion Alert Correlation based on UFP-Growth and Genetic Algorithm. International Journal of Computer Applications. 57, 10 ( November 2012), 4-8. DOI=10.5120/9148-3393

@article{ 10.5120/9148-3393,
author = { Anand Jawdekar, Vineet Richariya },
title = { Intrusion Alert Correlation based on UFP-Growth and Genetic Algorithm },
journal = { International Journal of Computer Applications },
issue_date = { November 2012 },
volume = { 57 },
number = { 10 },
month = { November },
year = { 2012 },
issn = { 0975-8887 },
pages = { 4-8 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume57/number10/9148-3393/ },
doi = { 10.5120/9148-3393 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T21:00:03.316267+05:30
%A Anand Jawdekar
%A Vineet Richariya
%T Intrusion Alert Correlation based on UFP-Growth and Genetic Algorithm
%J International Journal of Computer Applications
%@ 0975-8887
%V 57
%N 10
%P 4-8
%D 2012
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Intrusion alert correlation is subject to assessment of security and risk level of quantitative analysis of security threats. Intrusion alerts correlation, especially the quantitative characterization of network security and the approach of the build and update of network security scenario and measurement, is one of the important basic approaches of building security services based on the correlation. Various author proposed a model for security analysis of intrusion alert correlation such as Assessment of Credibility, Risk and the Loss of system (ACRL). In this method the correlation value of intrusion find the way of credibility and risk. Some another approach are also used such as graph theory approach for the analysis of node behavior in attack scenario. In this paper we proposed a new algorithm for intrusion alert correlation based on uncertain FP-growth and genetic algorithm. Uncertain FP-growth finds the possibility of probability in attacks occurred before events and mange by the security policy manger. In the process of correlation various value of quantitative are generated some value are exactly correlated and some are low value of quantitative. For the measurement of low value of risk correlation we used genetic algorithm for the optimization process of risk level.

References
  1. Fayyad U,Piatesky-Shapiro G,Smyth P. The KDD Process for Extracting Useful Knowledge Form Volumes of Data ommunications of the ACM,1996.
  2. W. Lee, S. J. Hershkop, P. K. Chan, E. Eskin, W. Fan, M. Miller,S. Hershkop and J. Zhang, "Real Time Data Mining-based Intrusion Detection", In Proc. of the DISCEX II 2001. Anaheim, Vol. 1, pp. 89-100, 2001.
  3. D. Parikh and T. Chen, "Data fusion and cost minimization for intrusion detection", IEEE Trans. on Information Forensics and Security, Vol. 3, No. 3, pp. 381-389, 2008.
  4. Wang Yingmei, Wang Shengkai and Cheng Xiangyun, Security Risk Assessment of Information System, Publishing House of Electronic Industry, Beijing, 2007.
  5. K. Julisch and M. Dacier, "Mining intrusion detection alarms for actionable knowledge", Proceedings of the 8th ACM International Conference on Knowledge Discovery and Data Mining, July 2002, pp. 366-375.
  6. A. Valdes and K. Skinner, "Probabilistic alert correlation", Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection (RAID 2001), 2001, pp. 54-68.
  7. F. Cuppens, F. Autrel, A. Miège, and S. Benferhat "Correlation in an intrusion detection process", Internet SecurityCommunication Workshop (SECI'02), September 2002, pp. 153-172.
  8. F. Cuppens and A. Miège, "Alert correlation in a cooperative intrusion detection framework", 2002 IEEE Symposium on Security and Privacy, May 2002, pp. 202-215.
  9. Li Yang and Dong Xinfa "Alert Correlation Model Design based on Self-regulate" in Second International Conference on MultiMedia and Information Technology IEEE, 2010.
  10. Jin SHI, Guangwei HU, Mingxin LU and Li XIE "Intrusion Alerts Correlation Based Assessment of Network Security" in International Conference of Information Science and Management Engineering IEEE, 2010.
  11. Lu Simei, Zhang Jianlin, Sun Hao, Luo Liming "Security Risk Assessment Model Based on AHP/D-S Evidence Theory" in International Forum on Information Technology and Applications IEEE, 2009.
  12. "An Adaptive Rule-Based Intrusion Alert Correlation Detection Method" in First International Conference on Networking and Distributed Computing IEEE, 2010.
  13. Alter, S. , Sherer, S. : A general, but readily adaptable model of information system risk. Communications of Association for Information Systems,14 (2004), 1-28.
  14. Sun, L. , Srivastava, R. P. , Mock, T. J. : An Information Systems Security Risk Assessment Model under Dempster-Shafer Theory of Belief Functions Journal of Management.
Index Terms

Computer Science
Information Sciences

Keywords

Intrusion Alert correlation Uncertain FP-growth & Genetic Algorithm KDDCUP1999 risk calculation Intrusion detection