A New Metric for Prioritising Intrusion Alerts Using Correlation and Outlier Analysis

Shittu, R., Healing, A., Ghanea-Hercock, R., Bloomfield, R. E. & Rajarajan, M. (2014). A New Metric for Prioritising Intrusion Alerts Using Correlation and Outlier Analysis. Paper presented at the 39th IEEE Conference on Local Computer Networks, 08-09-2014 - 11-09-2014, Edmonton, Canada.


Abstract

In a medium-sized network, an Intrusion Detection System (IDS) can produce thousands of alerts a day, many of which may be false positives. Among this vast number of triggered intrusion alerts, identifying those to prioritise is highly challenging. Alert correlation and prioritisation are both viable analytical methods commonly used to understand and prioritise alerts. However, to the authors' knowledge, very few dynamic prioritisation metrics exist. In this paper, a new prioritisation metric, OutMet, is proposed; it is based on measuring the degree to which an alert belongs to anomalous behaviour. OutMet combines alert correlation and prioritisation analysis and, in the given attack scenarios, is capable of reducing false positives by up to 100%. The metric is tested and evaluated using the recently developed cyber-range dataset provided by Northrop Grumman.

Item Type: Conference or Workshop Item (Paper)
Additional Information: © 2014 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science; T Technology > T Technology (General)
Divisions: School of Engineering & Mathematical Sciences > Engineering
URI: http://openaccess.city.ac.uk/id/eprint/4471