Near real-time intrusion alert aggregation using concept-based learning


Abstract

Intrusion detection systems generate a large number of streaming alerts. It can be overwhelming for analysts to quickly and effectively find related alerts stemming from correlated attack actions. What if fast-arriving alerts could be automatically processed, with no prior knowledge, to find related actions in near real-time? The Concept Learning for Intrusion Event Aggregation in Realtime (CLEAR) system aims to learn and update an evolving set of temporal 'concepts,' each consisting of aggregates of related alerts that exhibit similar statistical arrival patterns. With no training data, the system constructs the concepts in near real-time from statistically similar alert aggregates. Tracked concepts are then applied to incoming alerts for fast and high-fidelity aggregation. The concepts learned by CLEAR are significantly more unique and invariant when compared to those learned by alternative drift detection methods. Furthermore, it provides insights into how specific individual, or co-occurring, alerts arrive with distinct and consistent temporal patterns.

Cite

Werner, G., Yang, S. J., & McConky, K. (2021). Near real-time intrusion alert aggregation using concept-based learning. In Proceedings of the 18th ACM International Conference on Computing Frontiers 2021, CF 2021 (pp. 152–160). Association for Computing Machinery, Inc. https://doi.org/10.1145/3457388.3458663
