Automatic rule generation based on genetic programming for event correlation

Suarez-Tangil, G., Palomar, E., De Fuentes, J. M., Blasco, J. & Ribagorda, A. (2009). Automatic rule generation based on genetic programming for event correlation. Advances in Intelligent and Soft Computing, 63, pp. 127-134. doi: 10.1007/978-3-642-04091-7_16

Text - Accepted Version


The widespread adoption of autonomous intrusion detection technology is overwhelming current frameworks for network security management. Modern intrusion detection systems (IDSs) and intelligent agents are the most mentioned in literature and news, although other risks, such as broad attacks (e.g. very widely spread in a distributed fashion, like botnets) and their consequences for incident response management, cannot be overlooked. Event correlation then becomes essential. Basically, security event correlation pulls together detection, prevention and reaction tasks by consolidating huge amounts of event data. Providing adaptation to unknown distributed attacks is a major requirement, as is their automatic identification. This positioning paper poses an optimization challenge in the design of such a correlation engine and a number of directions for research. We present a novel approach for automatic generation of security event correlation rules based on Genetic Programming, which has already been used at sensor level.

Item Type: Article
Additional Information: The final publication is available at Springer via
Uncontrolled Keywords: Event Correlation, Rule Generation, Genetic Programming, Network Security Management
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: School of Engineering & Mathematical Sciences > Engineering
