City Research Online

Automatic rule generation based on genetic programming for event correlation

Suarez-Tangil, G., Palomar, E., De Fuentes, J. M. , Blasco, J. & Ribagorda, A. (2009). Automatic rule generation based on genetic programming for event correlation. Advances in Intelligent and Soft Computing, 63 AIS, pp. 127-134. doi: 10.1007/978-3-642-04091-7_16

Abstract

The widespread adoption of autonomous intrusion detection technology is overwhelming current frameworks for network security management. Modern intrusion detection systems (IDSs) and intelligent agents are the most mentioned in literature and news, although other risks such as broad attacks (e.g. very widely spread in a distributed fashion like botnets), and their consequences on incident response management, cannot be overlooked. Event correlation then becomes essential. Basically, security event correlation pulls together detection, prevention and reaction tasks by means of consolidating huge amounts of event data. Providing adaptation to unknown distributed attacks is a major requirement, as well as their automatic identification. This position paper poses an optimization challenge in the design of such a correlation engine and a number of directions for research. We present a novel approach for automatic generation of security event correlation rules based on Genetic Programming, which has already been used at sensor level.

Publication Type: Article
Additional Information: The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-642-04091-7_16
Publisher Keywords: Event Correlation, Rule Generation, Genetic Programming, Network Security Management
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Departments: School of Science & Technology > Engineering
Text - Accepted Version