AIDA Framework: Real-Time Correlation and Prediction of Intrusion Detection Alerts

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F19%3A00109946" target="_blank" >RIV/00216224:14610/19:00109946 - isvavai.cz</a>

Výsledek na webu

<a href="https://dl.acm.org/doi/10.1145/3339252.3340513" target="_blank" >https://dl.acm.org/doi/10.1145/3339252.3340513</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1145/3339252.3340513" target="_blank" >10.1145/3339252.3340513</a>

Jazyk výsledku

angličtina

Název v původním jazyce

AIDA Framework: Real-Time Correlation and Prediction of Intrusion Detection Alerts

Popis výsledku v původním jazyce

In this paper, we present AIDA, an analytical framework for processing intrusion detection alerts with a focus on alert correlation and predictive analytics. The framework contains components that filter, aggregate, and correlate the alerts, and predict future security events using the predictive rules distilled from historical records. The components are based on stream processing and use selected features of data mining (namely sequential rule mining) and complex event processing. The framework was deployed as an analytical component of an alert sharing platform, where alerts from intrusion detection systems, honeypots, and other data sources are exchanged among the community of peers. The deployment is briefly described and evaluated to illustrate the capabilities of the framework in practice. Further, the framework may be deployed locally for experimentations over datasets.

Název v anglickém jazyce

AIDA Framework: Real-Time Correlation and Prediction of Intrusion Detection Alerts

Popis výsledku anglicky

In this paper, we present AIDA, an analytical framework for processing intrusion detection alerts with a focus on alert correlation and predictive analytics. The framework contains components that filter, aggregate, and correlate the alerts, and predict future security events using the predictive rules distilled from historical records. The components are based on stream processing and use selected features of data mining (namely sequential rule mining) and complex event processing. The framework was deployed as an analytical component of an alert sharing platform, where alerts from intrusion detection systems, honeypots, and other data sources are exchanged among the community of peers. The deployment is briefly described and evaluated to illustrate the capabilities of the framework in practice. Further, the framework may be deployed locally for experimentations over datasets.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10200 - Computer and information sciences

Projekt

<a href="/cs/project/EF16_019%2F0000822" target="_blank" >EF16_019/0000822: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2019

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of the 14th International Conference on Availability, Reliability and Security (ARES 2019)

ISBN

9781450371643

ISSN

—

e-ISSN

—

Počet stran výsledku

8

Strana od-do

„81:1“-„81:8“

Název nakladatele

ACM

Místo vydání

New York

Místo konání akce

Canterbury

Datum konání akce

26. 8. 2019

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

000552726400081