Using fuzzy clustering to reconstruct alert correlation graph of intrusion detection

MA Lin-ru1; YANG Lin2; WANG Jian-xin2; TANG Xin2

您当前的位置：

首页 >

文章列表页 >

Using fuzzy clustering to reconstruct alert correlation graph of intrusion detection

更新时间：2024-10-14

- Using fuzzy clustering to reconstruct alert correlation graph of intrusion detection
- Issue 9, Pages: 47-52(2006)
- 作者机构：
  
  国防科学技术大学电子科学与工程学院 2. 总参第61研究所
- 作者简介：
- 基金信息：
- DOI：
  CLC： TP393.08
- Published：2006
- 稿件说明：
移动端阅览
MA Lin-ru1, YANG Lin2, WANG Jian-xin2, et al. Using fuzzy clustering to reconstruct alert correlation graph of intrusion detection[J]. 2006, (9): 47-52.
DOI：

MA Lin-ru1, YANG Lin2, WANG Jian-xin2, et al. Using fuzzy clustering to reconstruct alert correlation graph of intrusion detection[J]. 2006, (9): 47-52. DOI：

摘要

众多的入侵检测告警关联方法中

因果关联是最具代表性的方法之一。针对因果关联在一些条件下会引发关联图分裂的问题

提出利用模糊聚类的方法实现攻击场景重构。在聚类过程中

针对告警特性提出一种基于属性层次树的相似度隶属函数定义方法

并给出评价相似度度量和衡量攻击场景构建能力的若干指标。实验结果表明

该方法能够有效地组合分裂的关联图

重构攻击场景。

Abstract

Causal correlation method was one of the most representative methods for instruction detection alert correla-tion. In some conditions

the correlation graph would be split because of loss of causal information. In order to solve the problem

an algorithm was proposed to reconstruct attack scenario using fuzzy clustering. A new similarity membership function based on the attribute hierarchy tree was defined in the process of clustering. Furthermore

the evaluation method and indexes were put forward to describe the ability of reconstructing attack scenario. The experimental results indicate that this algorithm is valid to combine the split correlation graph and reconstruct attack scenario.

关键词

Keywords

references

Views

916

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Survey on application of attack graph technology

Alert processing based on attack graph and multi-source analyzing

Research on PSO-based intuitionistic fuzzy kernel clustering algorithm

Fuzzy co-clustering algorithm for high-order heterogeneous data

Cloud scheduling algorithm based on fuzzy clustering

Related Author

An-kang JU

Chen-dong WANG

Yuan-bo GUO

Zi-wei YE

Yi-xian YANG

Bin WU

Kang-feng ZHENG

Wei-xin LIU

Related Institution

School of Cyberspace Security,PLA Information Engineering University

State Key Laboratory of Mathematical Engineering and Advanced Computing

Information Security Centre,Beijing University of Posts and Telecommunications

School of Air and Missile Defense, Air Force Engineering University

College of Computer Science and Technology, Harbin Engineering University

AI问答

⁰