Authors: Nelson Uto (1); Helen Teixeira (1); Andre Blazko (1); Marcos Ferreira de Paula (1); Renata Cicilini Teixeira (1) and Mamede Lima Marques (2)

Affiliations: (1) CPqD Telecom & IT Solutions, Brazil; (2) Universidade de Brasilia, Brazil

Keyword(s): Network security, security event correlation, semi-automatic rule generation, data mining.

Related Ontology Subjects/Areas/Topics: Information and Systems Security ; Intrusion Detection & Prevention

Abstract: Current implementations of intrusion detection systems (IDSs) have two drawbacks: 1) they normally generate far too many false positives, overloading human operators to such an extent that they cannot respond effectively to the real alerts; 2) depending on the proportion of genuine attacks within the total network traffic, an IDS may never be effective. One approach to overcoming these obstacles is to correlate information from a wide variety of network sensors, not just IDSs, in order to obtain a more complete picture on which to base decisions as to whether alerted events represent malicious activity or not. The challenge in such an analysis is the generation of the correlation rules that are to be used. At present, creating these rules is a time-consuming manual task that requires expert knowledge. This work describes how data mining, specifically the k-means clustering technique, can be employed to assist in the semi-automatic generation of such correlation rules.

CC BY-NC-ND 4.0

Paper citation in several formats:
Uto, N.; Teixeira, H.; Blazko, A.; Ferreira de Paula, M.; Cicilini Teixeira, R. and Lima Marques, M. (2005). GENERATING SECURITY EVENT CORRELATION RULES THROUGH K-MEANS CLUSTERING. In Proceedings of the Second International Conference on e-Business and Telecommunication Networks - Volume 1: ICETE; ISBN 972-8865-32-5; ISSN 2184-3236, SciTePress, pages 376-381. DOI: 10.5220/0001417903760381

@conference{icete05,
author={Nelson Uto and Helen Teixeira and Andre Blazko and Marcos {Ferreira de Paula} and Renata {Cicilini Teixeira} and Mamede {Lima Marques}},
title={GENERATING SECURITY EVENT CORRELATION RULES THROUGH K-MEANS CLUSTERING},
booktitle={Proceedings of the Second International Conference on e-Business and Telecommunication Networks - Volume 1: ICETE},
year={2005},
pages={376-381},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001417903760381},
isbn={972-8865-32-5},
issn={2184-3236},
}

TY - CONF

JO - Proceedings of the Second International Conference on e-Business and Telecommunication Networks - Volume 1: ICETE
TI - GENERATING SECURITY EVENT CORRELATION RULES THROUGH K-MEANS CLUSTERING
SN - 972-8865-32-5
IS - 2184-3236
AU - Uto, N.
AU - Teixeira, H.
AU - Blazko, A.
AU - Ferreira de Paula, M.
AU - Cicilini Teixeira, R.
AU - Lima Marques, M.
PY - 2005
SP - 376
EP - 381
DO - 10.5220/0001417903760381
PB - SciTePress