Title: CLASSIFYING SECURITY ALERTS FROM MULTIPLE SENSORS BASED ON HYBRID APPROACH

Year of Publication: Jun - 2012
Page Numbers: 174-181
Authors: Maheyzah Md Siraj, Mohd Aizaini Maarof, Siti Zaiton Mohd Hashim
Conference Name: The International Conference on Informatics and Applications (ICIA2012) - Malaysia

Abstract:


Protecting and assuring the confidentiality of information on the Internet is a crucial need. Many organizations have installed multiple security sensors for complete monitoring and detection (for example, deploying network-based Intrusion Detection Systems (NIDSs) across a distributed network). As a result, an enormous number of alerts is generated, in many different formats. This overburdens the Security Analyst (SA), since manual alert correlation (AC) is tedious, labour intensive and, worst of all, error prone. One of the important tasks in AC is recognizing the causes of the alerts. Therefore, in this paper we propose a new AC approach based on a classification method in order to recognize the causes of both known and new incoming alerts. The classifier is designed as a hybrid of statistical Improved Unit Range (IUR) scaling of the alerts, Principal Component Analysis (PCA) to reduce the dimensionality of the raw alerts, and the Levenberg-Marquardt (LM) backpropagation supervised learning algorithm on a two-layer feed-forward neural network to determine membership of the cause/attack stage. The empirical results show that the proposed approach gives better results in terms of classification accuracy and error rate, even with large-scale and highly redundant training data. This can save much of the extra effort spent on manual correlation of a huge volume of raw alerts.
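The pipeline the abstract describes (scale the raw alerts, reduce their dimensionality with PCA, then classify the attack stage with a two-layer feed-forward network) can be sketched end to end in a few dozen lines. The block below is an added illustration, not the authors' code: the alert feature vectors and stage labels are constructed, plain min-max unit-range scaling stands in for the paper's Improved Unit Range (whose exact formula is not given on this page), and ordinary gradient descent replaces Levenberg-Marquardt training, so the numbers it produces say nothing about the paper's reported accuracy.

```python
"""Added example of a scale -> PCA -> two-layer net alert classifier.
Not the paper's implementation: IUR is replaced by plain unit-range (min-max)
scaling and LM backpropagation by gradient descent (both assumptions)."""
import numpy as np

# Constructed sample alerts, one row per alert, numeric features only:
# [priority, dst_port, packets, bytes, duration_s, distinct_dst_ports]
ALERTS = np.array([
    [3,   22,    2,    120,   0.2, 800],   # port sweep
    [3,   80,    1,     60,   0.1, 950],   # port sweep
    [3,  443,    3,    180,   0.4, 600],   # port sweep
    [3, 3306,    2,    110,   0.3, 700],   # port sweep
    [1,   80,   25,  18000,   2.0,   1],   # web exploit attempt
    [1,  445,   12,   9000,   1.5,   1],   # SMB exploit attempt
    [1,   22,   30,  15000,   2.5,   1],   # SSH exploit attempt
    [1, 3389,   18,  12000,   1.0,   1],   # RDP exploit attempt
    [2, 4444,  900, 400000, 1800.0,   1],  # reverse shell traffic
    [2, 6667, 1200, 650000, 3600.0,   1],  # IRC C2 channel
    [2,   53, 1500, 900000, 2400.0,   2],  # DNS tunnelling
    [2, 8080,  700, 300000,  900.0,   1],  # proxied exfiltration
], dtype=float)
# Constructed attack-stage labels: 0 reconnaissance, 1 exploitation, 2 post-compromise
LABELS = np.array([0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2])


def unit_range_scale(X, lo=0.0, hi=1.0):
    """Per-feature min-max scaling into [lo, hi]; constant columns map to lo."""
    mn, mx = X.min(axis=0), X.max(axis=0)
    span = np.where(mx - mn == 0, 1.0, mx - mn)
    return lo + (X - mn) / span * (hi - lo)


def pca_fit(X, k):
    """Return (mean, top-k principal components, all eigenvalues descending)."""
    mean = X.mean(axis=0)
    vals, vecs = np.linalg.eigh(np.cov(X - mean, rowvar=False))
    order = np.argsort(vals)[::-1]
    return mean, vecs[:, order[:k]], vals[order]


def pca_transform(X, mean, comps):
    return (X - mean) @ comps


def softmax(z):
    z = z - z.max(axis=1, keepdims=True)
    e = np.exp(z)
    return e / e.sum(axis=1, keepdims=True)


def train_net(Z, y, hidden=6, classes=3, epochs=2000, lr=0.5, seed=0):
    """Two-layer net (tanh hidden layer, softmax output) trained with plain
    gradient descent on cross-entropy; LM would update the same weights."""
    rng = np.random.default_rng(seed)
    n, d = Z.shape
    W1 = rng.normal(0, 0.5, (d, hidden)); b1 = np.zeros(hidden)
    W2 = rng.normal(0, 0.5, (hidden, classes)); b2 = np.zeros(classes)
    T = np.zeros((n, classes)); T[np.arange(n), y] = 1.0
    losses = []
    for _ in range(epochs):
        H = np.tanh(Z @ W1 + b1)
        P = softmax(H @ W2 + b2)
        losses.append(float(-np.mean(np.log(P[np.arange(n), y] + 1e-12))))
        dZ2 = (P - T) / n                       # softmax + cross-entropy gradient
        dW2, db2 = H.T @ dZ2, dZ2.sum(axis=0)
        dH = (dZ2 @ W2.T) * (1.0 - H ** 2)      # back through tanh
        dW1, db1 = Z.T @ dH, dH.sum(axis=0)
        W1 -= lr * dW1; b1 -= lr * db1; W2 -= lr * dW2; b2 -= lr * db2
    return (W1, b1, W2, b2), losses


def predict_proba(params, Z):
    W1, b1, W2, b2 = params
    return softmax(np.tanh(Z @ W1 + b1) @ W2 + b2)


def run_pipeline(k=3, hidden=6, epochs=2000):
    """Scale -> PCA(k) -> train -> report training accuracy and loss trend."""
    X = unit_range_scale(ALERTS)
    mean, comps, variances = pca_fit(X, k)
    Z = pca_transform(X, mean, comps)
    params, losses = train_net(Z, LABELS, hidden=hidden, epochs=epochs)
    preds = predict_proba(params, Z).argmax(axis=1)
    return {
        "accuracy": float((preds == LABELS).mean()),
        "explained_variance_ratio": float(variances[:k].sum() / variances.sum()),
        "first_loss": losses[0],
        "last_loss": losses[-1],
        "components": comps,
    }


if __name__ == "__main__":
    result = run_pipeline()
    print({key: value for key, value in result.items() if key != "components"})
```

Two points worth noting when reading this against the abstract. First, the scaler must be fitted on the training alerts and reused unchanged for new incoming alerts; refitting it per batch silently shifts every feature and the PCA projection with it. Second, the training accuracy reported here is on the same twelve constructed alerts the net was trained on, so it only demonstrates the mechanics; judging generalisation to "new incoming alerts", as the paper claims, needs a held-out set.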