Autocorrel II – Unsupervised Network Event Correlation Using Neural Networks

Authors
  1. Japkowicz, N.
  2. Smith, R.
Corporate Authors
Defence R&D Canada - Ottawa, Ottawa ONT (CAN); Ottawa Univ, Ottawa ONT (CAN) School of Information Technology and Engineering
Abstract
Network event correlation is the process where relationships between intrusion detection system alerts or other network events are discovered and reported. An accurate network event correlation system can enable the intrusion detection analyst to find important events more easily. We present a system that uses unsupervised machine learning algorithms to create an effective and maintenance-free way to do network event correlation. The system uses the autoassociator, a type of neural network architecture, to find the relationships between related network events hidden in a collection of unrelated data. We demonstrate our system using intrusion alerts generated by a Snort intrusion detection system and discuss the overall performance of our system.
Keywords
Neural Network; Intrusion Detection System; Network Event Correlation; Alert Correlation; Autoassociator
Report Number
DRDC-OTTAWA-CR-2005-155 — Contractor Report
Date of publication
01 Mar 2005
Number of Pages
191
DSTKIM No
CA026674
CANDIS No
524589
Format(s):
Electronic Document (PDF)
