Enhanced framework for alert processing using clustering approach based on artificial immune system
The Intrusion Detection System (IDS) is an industrial-driven technology that monitors the network infrastructure of an organization from malicious intent. Although the IDS technology has advanced tremendously, one of the main issues that still remains since its beginning is the huge amount of attack...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English |
| Published: |
2015
|
| Subjects: | |
| Online Access: | http://eprints.utm.my/id/eprint/54892/1/AsharaBanuMohamedPFC2015.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my-utm-ep.54892 |
|---|---|
| record_format |
uketd_dc |
| spelling |
my-utm-ep.548922020-11-15T09:26:28Z Enhanced framework for alert processing using clustering approach based on artificial immune system 2015-08 Mohamed, Ashara Banu QA75 Electronic computers. Computer science The Intrusion Detection System (IDS) is an industrial-driven technology that monitors the network infrastructure of an organization from malicious intent. Although the IDS technology has advanced tremendously, one of the main issues that still remains since its beginning is the huge amount of attack alerts that have to be processed immediately on a daily basis. To manage these alerts effectively, both techniques of data reduction and correlation have to be applied concurrently. Therefore, this research proposes a framework named Intelligent Alert Processing Framework (lAPF) that incorporates both techniques named Alert Reduction Module (ARM) and Alert Correlation Module (ACM) to produce an integrated result. The ARM consists of a new clustering algorithm inspired by the Artificial Immune System (AIS) approach which is the Clonal Selection principle, while the ACM is based on pattern recognition approach. The new clustering algorithm introduces a one-to-one clustering method that first and foremost creates cluster based on a perfect matching criterion and next calculates its vulnerability level. Clusters with 0 vulnerability level will be filtered while other clusters will than proceed to ACM for attack scenario formulation and its successful attack scenario probability. The IAPF was successfully experimented using a standard simulated dataset and a real-time dataset from PRISMA (Pemantauan Rangkaian ICT Sektor Awam). The result of the experiment indicated that ARM achieved accurate clustering output, with zero cluster error within an average of 6.36 seconds processing time and the reduction rate of alerts attained is 95.34%. Meanwhile ACM managed to detect all possible attack scenarios based on the predefined patterns. The proposed framework has reduced the number of alerts, creates attack scenarios and simultaneously produced vulnerability level for each clusters and the correlated successful attack scenario probability. 2015-08 Thesis http://eprints.utm.my/id/eprint/54892/ http://eprints.utm.my/id/eprint/54892/1/AsharaBanuMohamedPFC2015.pdf application/pdf en public http://dms.library.utm.my:8080/vital/access/manager/Repository/vital:95486 phd doctoral Universiti Teknologi Malaysia, Faculty of Computing Faculty of Computing |
| institution |
Universiti Teknologi Malaysia |
| collection |
UTM Institutional Repository |
| language |
English |
| topic |
QA75 Electronic computers Computer science |
| spellingShingle |
QA75 Electronic computers Computer science Mohamed, Ashara Banu Enhanced framework for alert processing using clustering approach based on artificial immune system |
| description |
The Intrusion Detection System (IDS) is an industrial-driven technology that monitors the network infrastructure of an organization from malicious intent. Although the IDS technology has advanced tremendously, one of the main issues that still remains since its beginning is the huge amount of attack alerts that have to be processed immediately on a daily basis. To manage these alerts effectively, both techniques of data reduction and correlation have to be applied concurrently. Therefore, this research proposes a framework named Intelligent Alert Processing Framework (lAPF) that incorporates both techniques named Alert Reduction Module (ARM) and Alert Correlation Module (ACM) to produce an integrated result. The ARM consists of a new clustering algorithm inspired by the Artificial Immune System (AIS) approach which is the Clonal Selection principle, while the ACM is based on pattern recognition approach. The new clustering algorithm introduces a one-to-one clustering method that first and foremost creates cluster based on a perfect matching criterion and next calculates its vulnerability level. Clusters with 0 vulnerability level will be filtered while other clusters will than proceed to ACM for attack scenario formulation and its successful attack scenario probability. The IAPF was successfully experimented using a standard simulated dataset and a real-time dataset from PRISMA (Pemantauan Rangkaian ICT Sektor Awam). The result of the experiment indicated that ARM achieved accurate clustering output, with zero cluster error within an average of 6.36 seconds processing time and the reduction rate of alerts attained is 95.34%. Meanwhile ACM managed to detect all possible attack scenarios based on the predefined patterns. The proposed framework has reduced the number of alerts, creates attack scenarios and simultaneously produced vulnerability level for each clusters and the correlated successful attack scenario probability. |
| format |
Thesis |
| qualification_name |
Doctor of Philosophy (PhD.) |
| qualification_level |
Doctorate |
| author |
Mohamed, Ashara Banu |
| author_facet |
Mohamed, Ashara Banu |
| author_sort |
Mohamed, Ashara Banu |
| title |
Enhanced framework for alert processing using clustering approach based on artificial immune system |
| title_short |
Enhanced framework for alert processing using clustering approach based on artificial immune system |
| title_full |
Enhanced framework for alert processing using clustering approach based on artificial immune system |
| title_fullStr |
Enhanced framework for alert processing using clustering approach based on artificial immune system |
| title_full_unstemmed |
Enhanced framework for alert processing using clustering approach based on artificial immune system |
| title_sort |
enhanced framework for alert processing using clustering approach based on artificial immune system |
| granting_institution |
Universiti Teknologi Malaysia, Faculty of Computing |
| granting_department |
Faculty of Computing |
| publishDate |
2015 |
| url |
http://eprints.utm.my/id/eprint/54892/1/AsharaBanuMohamedPFC2015.pdf |
| _version_ |
1747817749133918208 |