Analysis of Alert Correlation in Honeynet

doi:10.13190/jbupt.200806.63.wub

JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM ›› 2008, Vol. 31 ›› Issue (6): 63-66.doi: 10.13190/jbupt.200806.63.wub

• Papers • Previous Articles Next Articles

Analysis of Alert Correlation in Honeynet

WU Bin, ZHENG Kang-feng, YANG Yi-xian

(State Key Laboratory of Networking and Switching Technology,
Beijing University of Posts and Telecommunications, Beijing 100876, China)

Received:2007-12-10 Revised:2008-07-09 Online:2008-12-31 Published:2008-12-31
Contact: WU Bin

Abstract

Abstract:

A honeynet architecture with the analysis model of alerts is proposed. The new design of honeynet combines alerts of network intrusion detection system NIDS and HIDS to find out the correlations among them. The alerts are filtered and merged using the network information and similarity membership function. An improved Apriori algorithm is applied to discover the alert correlation knowledge which is matched to construct attack scenarios. Experiments demonstrate that with the analysis model of IDS alerts the redundant IDS alerts decrease efficiently and the correlation relationships of different attacks are constructed accurately

Key words: Honeynet, Intrusion detection, alert correlation

CLC Number:

TP393.08

WU Bin, ZHENG Kang-feng, YANG Yi-xian

. Analysis of Alert Correlation in Honeynet[J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2008, 31(6): 63-66.

[1]	WANG Yi-fei, MO Shuang, WU Wen-rui, FAN Shao-hua, XIAO Ding. Internal-External Convolutional Networks for Network Intrusion Detection [J]. Journal of Beijing University of Posts and Telecommunications, 2021, 44(5): 94-100.
[2]	LI Min-zheng, LAN Jian-ping. Smart Home Intrusion Detection Algorithm Based on Spatial-Temporal Field Information Fusion [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2017, 40(3): 76-84.
[3]	YAO Yun-zheng, YANG An, SHI Zhi-qiang, SUN Li-min. Application of BP Neural Network Model in Device State Detection of Industrial Control System [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2016, 39(s1): 14-18.
[4]	HU Yi-xun, ZHENG Kang-feng, WU Bin, YANG Yi-xian. A Dynamic Virtual Honeynet System Using Openflow [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2015, 38(6): 104-108,119.
[5]	ZHANG Ling, BAI Zhong-ying, XIE Kang. Dynamic Intrusion Detections with Vaccination [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2014, 37(s1): 77-82.
[6]	XIN Yang, WEI Jing-zhi, Xiu Xin-xin . A Fast Multiple Pattern Matching Using in Intrusion Detection [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2008, 31(3): 19-23.
[7]	. Intrusion Detection Technology Based on KFDA-SVM [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2007, 29(s1): 27-31.
[8]	杜晔1, GUO You-yan2. Research on a message driven communication scheme for distributed intrusion detection [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2006, 29(s2): 122-126.
[9]	YANG Wu, FANG Bin-xing, YUN Xiao-chun, ZHANG Hong-li, HU Ming-zeng. Research and Implementation of a High-Performance Distributed Intrusion Detection System [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2004, 27(4): 83-86.
[10]	LUO Shou-shan 1,CHEN Ya-juan 2,SONG Chuan-heng 2,WANG Zi-liang 2,NIU Xin-xin 2,YANG Yi-xian 2. An Abnormal Intrusion Detection Model Based on User's Keystrokes [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2003, 26(4): 85-89.
[11]	CHAI Ping xuan, GONG Xiang yang, CHENG Shi duan. Research on Distributed Intrusion Detection [J]. Journal of Beijing University of Posts and Telecommunications, 2002, 25(2): 68-73.
[12]	ZENG Zhi-feng, YANG Yi-xian. Design and Implement of a New Intrusion Detection and Recovery System [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2001, 24(2): 56-60.

Analysis of Alert Correlation in Honeynet

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 12

Recommended Articles

Metrics

Comments