Autocorrel I: A Neural Network Based Network Event Correlation Approach

Authors
  1. Japkowicz, N.
  2. Smith, R.
Corporate Authors
Defence R&D Canada - Ottawa, Ottawa ONT (CAN); Ottawa Univ, Ottawa ONT (CAN) School of Information Technology and Engineering
Abstract
Network event correlation is the process where correlations between network events are discovered and reported. Network intrusion detection analysts who have capable event correlation software at their disposal are more effective because the software can give an intrusion analyst a broader view of the threats posed to their system. The event correlation information is used by a network administrator to deduce the true relationship between individual network events. The autoassociator is ideally suited to the task of network event correlation. The autoassociator is a specialized piece of neural network architecture that can be used to cluster numerically similar data instances. We use the autoassociator to build prototype software to cluster network alerts generated by a Snort intrusion detection system, and discuss how the results are significant, and how they can be applied to other types of network events.
Keywords
Neural Network; Intrusion Detection System; Network Event Correlation; Autoassociator
Report Number
DRDC-OTTAWA-CR-2005-030 — Contractor Report
Date of publication
01 May 2005
Number of Pages
155
DSTKIM No
CA026114
CANDIS No
523895
Format(s):
Electronic Document (PDF)
