Autocorrel I: A Neural Network Based Network Event Correlation Approach

Abstract

Network event correlation is the process where correlations between network events are discovered and reported. Network intrusion detection analysts who have capable event correlation software at their disposal are more effective because the software can give an intrusion analyst a broader view of the threats posed to their system. The event correlation information is used by a network administrator to deduce the true relationship between individual network events. The autoassociator is ideally suited to the task of network event correlation. The autoassociator is a specialized piece of neural network architecture that can be used to cluster numerically similar data instances. We use the autoassociator to build prototype software to cluster network alerts generated by a Snort intrusion detection system, and discuss how the results are significant, and how they can be applied to other types of network events.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
May 01, 2005
Accession Number
ADA437599

Entities

People

  • Nathalie Japkowicz
  • Reuben Smith

Organizations

  • University of Ottawa

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Artificial Intelligence Software
  • Computing System Architectures
  • Data Mining
  • Detection
  • Detectors
  • Information Science
  • Information Systems
  • Intrusion
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Machine Learning
  • Network Architecture
  • Network Protocols
  • Neural Networks
  • Operating Systems
  • Supervised Machine Learning

Fields of Study

  • Computer science

Readers

  • Database Systems and Applications
  • Neural Network Machine Learning.
  • Sensor Fusion and Tracking Systems.

Technology Areas

  • AI & ML
  • AI & ML - Neural Networks