
AN AIS-INSPIRED ARCHITECTURE FOR ALERT CORRELATION

Abstract

There are many approaches to alert correlation, such as correlation rules with prerequisite/consequence models, machine learning and statistical methods, and similarity measures. In this paper, iCorrelator, a new AIS-inspired (artificial immune system) architecture, is presented. It uses a three-layer architecture inspired by three types of response in the human immune system: the innate immune system's response, the adaptive immune system's primary response, and the adaptive immune system's secondary response. Unlike other correlators, iCorrelator does not need prior knowledge of individual attacks and their possible relations in order to discover an attack scenario. It uses a very small number of general rules that are not tied to any specific attack scenario, and a process of incremental learning to handle new attacks. iCorrelator is therefore easy to set up and works dynamically without reconfiguration. Thanks to memory cells and an improved alert selection policy, its computational cost is acceptable even for online correlation. iCorrelator is evaluated on the DARPA 2000 dataset and on netForensics honeynet data; completeness, soundness, false correlation rate and execution time are reported. Results show that iCorrelator extracts attack graphs with an accuracy comparable to the best known solutions.
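The abstract describes the three layers only by analogy, so the following toy correlator is an added illustration and not the paper's iCorrelator: attack-agnostic general rules stand in for the innate response, the first successful correlation of an unseen alert-type transition creates a "memory cell" (primary response), and later alerts matching a remembered transition are linked after a cheap check instead of a full rule evaluation (secondary response). A sliding window plays the role of the alert selection policy, and completeness and soundness are computed against hand-written ground truth. The temporal and actor rules, the window size, the alert kinds and the hosts are all constructed assumptions.

```python
"""Toy three-layer alert correlator modelled on the innate / primary / secondary
immune responses named in the abstract.  Constructed illustration only: the rules,
data structures and alerts below are assumptions, not the paper's iCorrelator."""
from collections import defaultdict, deque
from dataclasses import dataclass

WINDOW = 600.0  # seconds; an assumed attack-agnostic temporal rule


@dataclass(frozen=True)
class Alert:
    ts: float
    src: str
    dst: str
    kind: str


def general_rules(prev, cur):
    """Innate layer: rules that mention no specific attack.  cur may follow from prev
    if it arrives within WINDOW and either the same actor raised both (same source)
    or the attacker pivoted through prev's victim (cur.src == prev.dst)."""
    return 0.0 < cur.ts - prev.ts <= WINDOW and cur.src in (prev.src, prev.dst)


class ToyCorrelator:
    def __init__(self, window=WINDOW):
        self.window = window
        self.recent = deque()            # alert selection: only alerts still inside the window
        self.memory = defaultdict(int)   # memory cells: learned (kind, kind) transitions
        self.ancestors = {}              # alert -> set of all its ancestors in the graph
        self.alerts = []                 # every alert seen, in arrival order
        self.edges = []                  # attack graph edges (parent, child)
        self.stats = {"rule_evals": 0, "memory_hits": 0, "learned": 0}

    def ingest(self, cur):
        # Alert selection policy: evict candidates that can no longer be linked.
        while self.recent and cur.ts - self.recent[0].ts > self.window:
            self.recent.popleft()
        parents = []
        for prev in self.recent:
            if (prev.kind, cur.kind) in self.memory and cur.src in (prev.src, prev.dst):
                # Secondary response: a remembered transition is accepted after a
                # cheap actor check, without re-running the general rules.
                self.stats["memory_hits"] += 1
                parents.append(prev)
                continue
            # Primary response: unseen transition, full general-rule evaluation.
            self.stats["rule_evals"] += 1
            if general_rules(prev, cur):
                parents.append(prev)
        # Keep only direct parents: drop a candidate that is an ancestor of another
        # candidate, so the graph records steps rather than every transitive pair.
        direct = [p for p in parents
                  if not any(p in self.ancestors[q] for q in parents if q is not p)]
        self.ancestors[cur] = set()
        for p in direct:
            key = (p.kind, cur.kind)
            if key not in self.memory:
                self.stats["learned"] += 1   # a new memory cell is created
            self.memory[key] += 1
            self.edges.append((p, cur))
            self.ancestors[cur] |= self.ancestors[p] | {p}
        self.recent.append(cur)
        self.alerts.append(cur)

    def scenarios(self):
        """Connected components of the attack graph, each as its time-ordered kinds."""
        adj = defaultdict(set)
        for p, c in self.edges:
            adj[p].add(c)
            adj[c].add(p)
        seen, out = set(), []
        for a in self.alerts:
            if a in seen:
                continue
            comp, stack = [], [a]
            seen.add(a)
            while stack:
                x = stack.pop()
                comp.append(x)
                for y in adj[x]:
                    if y not in seen:
                        seen.add(y)
                        stack.append(y)
            out.append(tuple(x.kind for x in sorted(comp, key=lambda x: x.ts)))
        return out


def completeness_soundness(detected, truth):
    """Completeness = true edges recovered / true edges; soundness = true edges
    recovered / edges reported (so 1 - soundness is the false correlation rate)."""
    hit = len(detected & truth)
    return hit / len(truth), hit / len(detected)


def scenario(attacker, victim, t0, c2="172.16.0.1"):
    """Constructed multi-step scenario: probe, exploit, login, then DDoS from the victim."""
    return [Alert(t0, attacker, victim, "ICMP_SWEEP"),
            Alert(t0 + 100, attacker, victim, "SADMIND_PROBE"),
            Alert(t0 + 200, attacker, victim, "SADMIND_EXPLOIT"),
            Alert(t0 + 300, attacker, victim, "RSH_LOGIN"),
            Alert(t0 + 400, victim, c2, "DDOS_LAUNCH")]   # pivot through the victim


NOISE = Alert(150.0, "10.9.9.9", "192.168.1.20", "WEB_SCAN")   # unrelated alert


def run_demo():
    """Feed two instances of the scenario plus noise; the second instance should be
    linked mostly through memory cells.  Returns (correlator, completeness, soundness)."""
    c = ToyCorrelator()
    first = scenario("10.0.0.5", "192.168.1.10", 0.0)
    second = scenario("10.0.0.6", "192.168.1.11", 2000.0)
    for a in sorted(first + [NOISE] + second, key=lambda a: a.ts):
        c.ingest(a)
    truth = {(s[i], s[i + 1]) for s in (first, second) for i in range(4)}
    comp, sound = completeness_soundness(set(c.edges), truth)
    return c, comp, sound


if __name__ == "__main__":
    corr, comp, sound = run_demo()
    print("scenarios:", corr.scenarios())
    print("stats:", corr.stats, "completeness:", comp, "soundness:", sound)
```

Running the demo shows the second copy of the scenario being linked with four memory-cell hits and far fewer general-rule evaluations than the first copy, which is the cost saving the abstract attributes to memory cells; the unrelated alert stays a singleton component, so both completeness and soundness are 1.0 on this constructed input.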
