City Research Online

A New Metric for Prioritising Intrusion Alerts Using Correlation and Outlier Analysis

Shittu, R., Healing, A., Ghanea-Hercock, R., Bloomfield, R. E. & Rajarajan, M. (2014). A New Metric for Prioritising Intrusion Alerts Using Correlation and Outlier Analysis. Paper presented at the 39th IEEE Conference on Local Computer Networks, 08-09-2014 - 11-09-2014, Edmonton, Canada.

Abstract

In a medium-sized network, an Intrusion Detection System (IDS) could produce thousands of alerts a day, many of which may be false positives. In the vast number of triggered intrusion alerts, identifying those to prioritise is highly challenging. Alert correlation and prioritisation are both viable analytical methods which are commonly used to understand and prioritise alerts. However, to the authors' knowledge, very few dynamic prioritisation metrics exist. In this paper, a new prioritisation metric, OutMet, which is based on measuring the degree to which an alert belongs to anomalous behaviour, is proposed. OutMet combines alert correlation and prioritisation analysis and, in given attack scenarios, is capable of reducing false positives by up to 100%. The metric is tested and evaluated using the recently developed cyber-range dataset provided by Northrop Grumman.

Publication Type: Conference or Workshop Item (Paper)
Additional Information: © 2014 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
T Technology > T Technology (General)
Departments: School of Science & Technology > Engineering
Text - Accepted Version