An alert correlation platform for memory‐supported techniques
Author(s) - Roschke Sebastian, Cheng Feng, Meinel Christoph
Publication year - 2012
Publication title - Concurrency and Computation: Practice and Experience
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.309
H-Index - 67
eISSN - 1532-0634
pISSN - 1532-0626
DOI - 10.1002/cpe.1750
Subject(s) - computer science , intrusion detection system , cluster analysis , software deployment , task (project management) , process (computing) , data mining , distributed computing , database , operating system , machine learning , management , economics
SUMMARY Intrusion Detection Systems (IDS) have been widely deployed in practice for detecting malicious behavior on network communication and hosts. False‐positive alerts are a common problem for most IDS approaches. The solution to address this problem is to enhance the detection process by correlation and clustering of alerts. To meet the practical requirements, this process needs to be finished fast, which is a challenging task as the amount of alerts in large‐scale IDS deployments is significantly high. We identify data storage and processing algorithms to be the most important factors influencing the performance of clustering and correlation. We propose and implement a highly efficient alert correlation platform. For storage, a column‐based database, an In‐Memory alert storage, and memory‐based index tables lead to significant improvements of the performance. For processing, algorithms are designed and implemented which are optimized for In‐Memory databases, e.g., an attack graph‐based correlation algorithm. The platform can be distributed over multiple processing units to share memory and processing power. A standardized interface is designed to provide a unified view of result reports for end users. The efficiency of the platform is tested by practical experiments with several alert storage approaches, multiple algorithms, as well as a local and a distributed deployment. Copyright © 2011 John Wiley & Sons, Ltd.