Event Prioritization and Correlation Based on Pattern Mining Techniques

M. Lange, R. Möller, G. Lang, F. Kuhr

Abstract

With the growing deployment of host and network intrusion detection systems in increasingly large and complex communication networks, managing low-level events from these systems becomes critically important. A network has multiple tasks, each of which consists of multiple network services that aid the execution of the task. An emerging track of security research has focused on event prioritization and correlation to rank the criticality of events and reduce the number of low-level events. To prioritize and correlate events, the ongoing tasks in an enterprise network are identified, as the goal of network operators is to protect ongoing tasks when a security breach occurs. The prioritization of an event depends on the criticality of an ongoing task that is potentially threatened by the event. Additionally, in order to support network operators, we correlate all events that target the same task. A particular task may depend on multiple network services and involve multiple network devices. So, if one network service becomes unavailable, other network services will be affected over time since they Unfortunately, dependency details are often not documented and are difficult to discover by relying on human expert knowledge. In order to solve this problem, a network dependency analysis based on network traffic is conducted. We rely on pattern mining techniques to discover tasks in a monitored enterprise network. A formal description of the identified tasks is provided and events are prioritized and correlated based on this model. The pattern mining based network dependency analysis algorithm is evaluated on a real-world network and on three networks that were created with a network simulator.
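The abstract describes three steps: treat the services a host contacts together as co-occurring items, mine frequent co-occurrence patterns from traffic to recover task-to-service dependencies, then rank events by the criticality of the task they threaten and group events that hit the same task. The following is an added illustration of that pipeline, not the authors' algorithm or code: it uses a brute-force Apriori-style itemset search over constructed flow records, and the time windows, minimum support, task criticality values and event list are all assumptions chosen for the example.

```python
from collections import defaultdict
from itertools import combinations

# Constructed flow records (assumption): (time_window, client_host, service).
# Each (window, client) pair forms one "transaction": the set of services
# that client used together within the window.
FLOWS = [
    (1, "ws1", "dns"), (1, "ws1", "web"), (1, "ws1", "db"),
    (1, "ws2", "dns"), (1, "ws2", "web"), (1, "ws2", "db"),
    (2, "ws1", "dns"), (2, "ws1", "web"), (2, "ws1", "db"),
    (2, "ws3", "dns"), (2, "ws3", "mail"),
    (3, "ws2", "dns"), (3, "ws2", "mail"),
    (3, "ws4", "dns"), (3, "ws4", "mail"),
    (4, "ws5", "dns"), (4, "ws5", "backup"),
]

# Operator-assigned task criticality (assumption), keyed by the service set
# that the mining step is expected to recover as a task.
CRITICALITY = {
    frozenset({"dns", "web", "db"}): 3,   # customer-facing web shop
    frozenset({"dns", "mail"}): 2,        # internal mail
}

# Constructed IDS events (assumption): (event_id, targeted service).
EVENTS = [("e1", "backup"), ("e2", "mail"), ("e3", "db"), ("e4", "dns")]


def transactions(flows):
    """Group flows into per-(window, client) service sets."""
    tx = defaultdict(set)
    for window, client, service in flows:
        tx[(window, client)].add(service)
    return list(tx.values())


def frequent_itemsets(txs, min_support):
    """Level-wise (Apriori-style) search; fine for a small service alphabet."""
    items = sorted({s for t in txs for s in t})
    frequent = {}
    for k in range(1, len(items) + 1):
        found = False
        for cand in combinations(items, k):
            cs = frozenset(cand)
            support = sum(1 for t in txs if cs <= t) / len(txs)
            if support >= min_support:
                frequent[cs] = support
                found = True
        if not found:          # no frequent k-sets => no frequent (k+1)-sets
            break
    return frequent


def maximal(frequent):
    """Maximal frequent itemsets are the candidate tasks (service dependency sets)."""
    return [s for s in frequent if not any(s < o for o in frequent)]


def prioritize_and_correlate(tasks, criticality, events):
    """Score each event by the most critical task its target service belongs to,
    and correlate events by the task(s) they threaten."""
    by_task = defaultdict(list)
    scored = []
    for eid, service in events:
        hit = [t for t in tasks if service in t]
        score = max((criticality.get(t, 0) for t in hit), default=0)
        scored.append((eid, service, score))
        for t in hit:
            by_task[t].append(eid)
    scored.sort(key=lambda r: -r[2])   # stable: ties keep input order
    return scored, dict(by_task)


if __name__ == "__main__":
    tasks = maximal(frequent_itemsets(transactions(FLOWS), min_support=0.3))
    ranked, groups = prioritize_and_correlate(tasks, CRITICALITY, EVENTS)
    for eid, service, score in ranked:
        print(f"{eid} -> {service}: priority {score}")
    for task, eids in groups.items():
        print(sorted(task), "threatened by", eids)
```

With these inputs the mining step recovers {dns, web, db} and {dns, mail} as tasks; "backup" never reaches the support threshold, so an event against it gets the lowest priority. The event against the shared "dns" service inherits the higher of the two task criticalities and appears in both correlation groups, which is the effect a task-based view gives operators over per-event alerting.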
Original language: English
Title of host publication: 2015 IEEE 14th International Conference on Machine Learning and Applications (ICMLA)
Number of pages: 6
Publisher: IEEE
Publication date: 01.12.2015
Pages: 1234-1239
ISBN (Print): 978-1-5090-0286-3
ISBN (Electronic): 978-1-5090-0287-0
DOIs:
Publication status: Published - 01.12.2015
Event: IEEE 14th International Conference on Machine Learning and Applications - Miami, United States
Duration: 09.12.2015 - 11.12.2015
Conference number: 119864

DFG Research Classification Scheme

  • 409-06 Information Systems, Process and Knowledge Management
