Enhanced framework for alert processing using clustering approach based on artificial immune system

The Intrusion Detection System (IDS) is an industry-driven technology that monitors an organization's network infrastructure for malicious activity. Although IDS technology has advanced tremendously, one of the main issues that has remained since its beginning is the huge volume of attack alerts that must be processed immediately on a daily basis. To manage these alerts effectively, data reduction and correlation techniques have to be applied concurrently. Therefore, this research proposes a framework named Intelligent Alert Processing Framework (IAPF) that incorporates both techniques in two modules, the Alert Reduction Module (ARM) and the Alert Correlation Module (ACM), to produce an integrated result. The ARM consists of a new clustering algorithm inspired by the Clonal Selection principle of the Artificial Immune System (AIS) approach, while the ACM is based on a pattern recognition approach. The new clustering algorithm introduces a one-to-one clustering method that first creates clusters based on a perfect matching criterion and then calculates each cluster's vulnerability level. Clusters with a vulnerability level of 0 are filtered out, while the remaining clusters proceed to the ACM for attack scenario formulation and estimation of the probability that each scenario succeeded. The IAPF was evaluated using a standard simulated dataset and a real-time dataset from PRISMA (Pemantauan Rangkaian ICT Sektor Awam). The results indicated that the ARM achieved accurate clustering output, with zero cluster error, within an average processing time of 6.36 seconds, and attained an alert reduction rate of 95.34%. Meanwhile, the ACM detected all possible attack scenarios based on the predefined patterns. The proposed framework reduces the number of alerts, creates attack scenarios, and simultaneously produces a vulnerability level for each cluster and the correlated probability of a successful attack scenario.
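The ARM-then-ACM pipeline sketched in the abstract, as an added example in Python that is not the thesis's code: alerts are clustered on an exact match of (signature, source, destination) as one reading of the "perfect matching criterion", each cluster is given a vulnerability level from an assumed host-exposure table (the thesis's own vulnerability metric and its clonal-selection details are not on this page), zero-level clusters are filtered out, and the survivors are matched against assumed predefined signature-sequence patterns. The "success probability" here is the fraction of a pattern's steps observed in order, an assumption standing in for the thesis's calculation. The sample alerts, the exposure table and the patterns are all constructed for this example.

```python
# Added illustrative pipeline in the spirit of the IAPF abstract (ARM -> ACM).
# Not the thesis's code: alert fields, the exposure table, the patterns and
# the probability heuristic are all assumptions made for this example.
from collections import OrderedDict

# Constructed sample IDS alerts (not from PRISMA or any real dataset).
# Each alert: (timestamp, signature, src, dst)
ALERTS = [
    (1, "ICMP PING", "10.0.0.5", "10.0.0.20"),
    (2, "ICMP PING", "10.0.0.5", "10.0.0.20"),
    (3, "ICMP PING", "10.0.0.5", "10.0.0.20"),
    (4, "PORTSCAN", "10.0.0.5", "10.0.0.20"),
    (5, "PORTSCAN", "10.0.0.5", "10.0.0.20"),
    (6, "WEB-ATTACK SQLi", "10.0.0.5", "10.0.0.20"),
    (7, "ICMP PING", "10.0.0.7", "10.0.0.21"),
    (8, "ICMP PING", "10.0.0.7", "10.0.0.21"),
]

# Assumed asset inventory: the vulnerability level a destination host has
# for a given signature. A host with nothing exposed to that signature
# yields level 0 (stand-in for the thesis's vulnerability metric).
EXPOSURE = {
    "10.0.0.20": {"ICMP PING": 1, "PORTSCAN": 1, "WEB-ATTACK SQLi": 2},
    "10.0.0.21": {},  # nothing exposed: all alerts against it are noise
}

# Assumed predefined attack patterns for the ACM: ordered signature steps.
PATTERNS = {
    "recon-then-exploit": ["ICMP PING", "PORTSCAN", "WEB-ATTACK SQLi"],
    "full-intrusion": ["ICMP PING", "PORTSCAN", "WEB-ATTACK SQLi", "DATA EXFIL"],
}


def cluster_alerts(alerts):
    """ARM step 1: one-to-one clustering on an exact match of
    (signature, src, dst). Returns cluster key -> list of timestamps."""
    clusters = OrderedDict()
    for ts, sig, src, dst in alerts:
        clusters.setdefault((sig, src, dst), []).append(ts)
    return clusters


def vulnerability_level(key):
    """ARM step 2: look up the cluster's vulnerability level (assumed table)."""
    sig, _src, dst = key
    return EXPOSURE.get(dst, {}).get(sig, 0)


def reduce_alerts(alerts):
    """ARM: cluster, score, drop zero-level clusters.
    Returns (kept, reduction_rate) where kept maps key -> (timestamps, level)
    and reduction_rate is 1 - clusters_kept / raw_alerts."""
    clusters = cluster_alerts(alerts)
    kept = OrderedDict()
    for key, times in clusters.items():
        level = vulnerability_level(key)
        if level > 0:
            kept[key] = (times, level)
    reduction_rate = 1 - len(kept) / len(alerts)
    return kept, reduction_rate


def match_prefix(pattern, sigs):
    """Length of the longest prefix of `pattern` that occurs, in order,
    as a subsequence of `sigs`."""
    matched = 0
    it = iter(sigs)
    for step in pattern:
        if any(s == step for s in it):  # consumes `it` up to the match
            matched += 1
        else:
            break
    return matched


def correlate(kept):
    """ACM: per (src, dst) pair, order surviving clusters by first-seen time
    and score each predefined pattern. Returns {(pair, pattern): probability}
    for every pattern with at least one step matched (probability is the
    matched fraction, an assumption for this example)."""
    by_pair = {}
    for (sig, src, dst), (times, _level) in kept.items():
        by_pair.setdefault((src, dst), []).append((min(times), sig))
    scenarios = {}
    for pair, seq in by_pair.items():
        sigs = [sig for _t, sig in sorted(seq)]
        for name, pattern in PATTERNS.items():
            matched = match_prefix(pattern, sigs)
            if matched:
                scenarios[(pair, name)] = matched / len(pattern)
    return scenarios


if __name__ == "__main__":
    kept, rate = reduce_alerts(ALERTS)
    print(f"{len(ALERTS)} alerts -> {len(kept)} clusters, reduction {rate:.2%}")
    for key, (times, level) in kept.items():
        print(f"  {key}: {len(times)} alerts, vulnerability level {level}")
    for (pair, name), p in correlate(kept).items():
        print(f"  scenario {name} for {pair}: success probability {p:.2f}")
```

On the constructed input the two pings against 10.0.0.21 fall into a zero-level cluster and are dropped, eight alerts collapse to three clusters, and the (10.0.0.5, 10.0.0.20) pair yields a complete "recon-then-exploit" scenario and a three-quarters-complete "full-intrusion" scenario. The reduction rate here is computed against raw alert count, which is one plausible reading of the abstract's 95.34% figure; the thesis's exact definition is not on this page.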

Bibliographic Details
Main Author: Mohamed, Ashara Banu
Format: Thesis
Language: English
Published: 2015
Subjects: QA75 Electronic computers. Computer science
Online Access:http://eprints.utm.my/id/eprint/54892/1/AsharaBanuMohamedPFC2015.pdf
Record: http://eprints.utm.my/id/eprint/54892/
Collection: UTM Institutional Repository
Date: 2015-08
Qualification: Doctor of Philosophy (PhD.), Doctorate
Granting Institution: Universiti Teknologi Malaysia, Faculty of Computing