Abstract
Intrusion detection systems in mobile networks tend to generate a high rate of false alarms, which degrades intrusion detection performance and adversely affects the computing, storage, and network resources of the systems involved. To mitigate the impact of false alarms on intrusion detection and bandwidth utilization, this chapter presents a novel real-time alert aggregation technique and a corresponding dynamic probabilistic model for mobile networks. This model-driven technique collaboratively aggregates alerts in real time, based on alert correlations, bandwidth allocation, and an optional feedback mechanism. The idea behind the technique is to adaptively manage alert aggregation and transmission for a given bandwidth allocation, so that aggregated alerts are prioritized and transmitted according to their importance. The performance of the proposed technique is evaluated by running simulations on data collected from an enterprise-scale production network intrusion detection system. Simulation results show a 99.92% reduction in the number of alerts and an average reduction of 51% in disk and bandwidth utilization, depending on the amount of raw packet capture data included in the aggregation.
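As an added illustration of the idea sketched in the abstract (example code, not the chapter's own model or implementation), the Python below folds constructed raw alerts into one record per signature, source, destination and time window, then transmits the aggregates by importance under a fixed byte budget and defers whatever does not fit. The 60 s window, the 80-byte record size, the severity-then-count importance ordering and the sample alerts are all assumptions made for this example.

```python
from dataclasses import dataclass

# Constructed sample alerts (not real data): (timestamp_s, signature, src, dst, severity 1-5).
RAW_ALERTS = (
    [(t, "scan:port-sweep", "10.0.0.5", "10.0.0.1", 2) for t in range(1, 7)]
    + [(t, "ssh:brute-force", "10.0.0.7", "10.0.0.9", 3) for t in range(7, 10)]
    + [(10, "c2:beacon", "10.0.0.3", "198.51.100.9", 5),
       (70, "c2:beacon", "10.0.0.3", "198.51.100.9", 5),  # second window
       (11, "policy:icmp-echo", "10.0.0.8", "10.0.0.1", 1)]
)

@dataclass
class Aggregate:
    signature: str
    src: str
    dst: str
    severity: int
    count: int
    first_seen: int
    last_seen: int

def aggregate_alerts(alerts, window_s=60):
    """Fold raw alerts into one record per (signature, src, dst, time window)."""
    groups = {}
    for ts, sig, src, dst, sev in alerts:
        key = (sig, src, dst, ts // window_s)  # assumed correlation key
        agg = groups.get(key)
        if agg is None:
            agg = groups[key] = Aggregate(sig, src, dst, sev, 0, ts, ts)
        agg.count += 1
        agg.first_seen = min(agg.first_seen, ts)
        agg.last_seen = max(agg.last_seen, ts)
    return list(groups.values())

def reduction(aggregates, alerts):
    """Fraction of alert records that no longer need to be transmitted."""
    return 1 - len(aggregates) / len(alerts)

def schedule(aggregates, budget_bytes, record_bytes=80):
    """Send the most important aggregates that fit the budget; defer the rest.

    Importance: higher severity first (a lone C2 beacon outranks a noisy sweep),
    then larger count, then older first. Deferred records are kept, not dropped.
    """
    sent, deferred = [], []
    ranked = sorted(aggregates, key=lambda a: (-a.severity, -a.count, a.first_seen))
    for agg in ranked:
        if record_bytes <= budget_bytes:
            sent.append(agg)
            budget_bytes -= record_bytes
        else:
            deferred.append(agg)
    return sent, deferred
```

With the constructed input, 12 raw alerts collapse to 5 aggregates, and a 300-byte budget carries the two beacon records and the brute-force record while the sweep and ICMP aggregates wait for the next allocation.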
© 2014 Springer Science+Business Media New York
Cite this chapter
Cam, H., Mouallem, P.A., Pino, R.E. (2014). Alert Data Aggregation and Transmission Prioritization over Mobile Networks. In: Pino, R. (eds) Network Science and Cybersecurity. Advances in Information Security, vol 55. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-7597-2_13
DOI: https://doi.org/10.1007/978-1-4614-7597-2_13
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-7596-5
Online ISBN: 978-1-4614-7597-2
eBook Packages: Computer Science (R0)