Layered Approach of Intrusion Detection System with Efficient Alert Aggregation for Heterogeneous Networks
Lohith Raj S N1, Shanthi M B2, Jitendranath Mungara3
1Lohith Raj S N, M.Tech, Computer Science and Engineering, CMRIT, Bangalore, India.
2Mrs. Shanthi M B, Assistant Professor, Dept of CSE, CMRIT, Bangalore, India
3Dr. Jitendranath Mungara, Professor and Dean, Dept of CSE and ISE, CMRIT, Bangalore, India
Manuscript received on July 01, 2012. | Revised Manuscript received on July 05, 2012. | Manuscript published on July 10, 2012. | PP: 92-96 | Volume-1, Issue-2, July 2012. | Retrieval Number: B0167071212/2012©BEIESP
Open Access | Ethics and Policies | Cite
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: – Protecting data from the intruders on internet or on the host systems is a very tedious task. The Intrusion Detection System is a technology for detecting suspicious actions or malicious behavior in a system from the unauthorized users or so called intruders. Alerts are produced during the intrusion activity, but when more number of alerts is produced then handling of these alerts becomes difficult on IDS. In this paper, we propose a layered approach for IDS where the alert information is represented dynamically in the form of layers and we propose an alert aggregation algorithm where an attack instance is created for similar type of alerts produced and this is clustered to form a meta-alert which can reduce the number of alerts produced without losing any information. This technique has approaches like generative modeling, in this case the beginning as well as the completion of attack properties and details can be detected and it is a data stream approach, where duplicate or the alerts which are observed many number of times are processed only a few times. By applying these techniques and alert aggregation we can reduce the number of false alert rate and number of alerts. The goal of the project is to generate meta-alerts from the proposed alert aggregation algorithm and represent all the alert information or the intruder activity on a dynamically representing model. The alert produced and the details of the alert and the action taken are represented in the form of layers on a distinctive layered model. The details of the alert are represented using these layers and further to form a meta-alert. Meta-alerts contain all the relevant information but the amount of data can be reduced progressively. Using the data sets, it is possible to reduce the number of alerts produced while number of missing meta-alerts is extremely low and represent all the alert information in the form of layers on a model.
Keywords: Network Security, Intrusion Detection, Alert Aggregation, Data-Stream Approach.