Computer Science ›› 2019, Vol. 46 ›› Issue (8): 64-70.doi: 10.11896/j.issn.1002-137X.2019.08.010

• Big Data & Data Science • Previous Articles     Next Articles

Alert Correlation Algorithm Based on Improved FP Growth

LU Xian-guang, DU Xue-hui, WANG Wen-juan   

  1. (Information Engineering University,Zhengzhou 450001,China)
  • Received:2018-11-06 Online:2019-08-15 Published:2019-08-15

Abstract: The original alerts generated by intrusion detection system have some shortcomings,such as low level,mutual isolation and irrelevance,which makes security managers be difficult to find unknown and high-level security threats and cannot understand the overall security situation of the target network.In order to make use of low-level alerts to construct attack scenarios,this paper analyzed the existing alert correlation knowledge,and proposed a new alert correlation algorithm based on data mining to solve the problem of poor performance of existing algorithms when dealing with sparse data.In this paper,firstly,the existing alert correlation algorithms were compared,then the principles and merits and demerits of classical Apriori algorithm and FP growth algorithm were elaborated,and the FP growth algorithm was improved based on two-dimensional table.Finally,the improved algorithm was used to mine the association rules between the alerts,and thus the alert correlation was proceeded.In order to verify the feasibility and performance of the proposed method,the Darpa data set is utilized to carry out relevant simulation tests.The experimental results show that the proposed scheme can achieve better alert correlation.

Key words: Intrusion detection, Alert correlation, Correlation analysis, FP growth algorithm

CLC Number: 

  • TP393.08
[1] VALDES A,SKINNER K.Probabilistic Alert Correlation [C]∥ International Symposium on Recent Advances in Intrusion Detection.Springer-Verlag,2001:54-68.
[2] GAO H S,LI Y M.An ASON Alarm Correlation Method Based on Hierarchical Attribute Similarity Clustering[J].Science Technology and Engineering,2015(6):210-214.(in Chinese) 高会生,李英敏.一种基于分层属性相似度聚类的 ASON 告警关联分析方法[J].科学技术与工程,2015(6):210-214.
[3] ZHU L N,ZHANG Z C.Research on hierarchical alerts correlation based on causality[J].Application Research of Computers,2016,33(3):848-850(in Chinese) 朱丽娜,张作昌.基于因果关系的分层报警关联研究[J].计算机应用研究,2016,33(3):848-850.
[4] TEMPLETON S J,LEVITT K.A requires/provides model for computer attacks[C]∥Proceedings of the 2000 workshop on New security paradigms.ACM,2001:31-38.
[5] MORIN B,MÉ L,DEBAR H,et al.A logic-based model to support alert correlation in intrusion detection[J].Information Fusion,2009,10(4):285-299.
[6] JAJODIA S,NOEL S,KALAPA P,et al.Cauldron mission-centric cyber situational awareness with defense in depth[C]∥MILCOM.2011:1339-1344.
[7] YU D,FRINCKE D.Improving the quality of alerts and predicting intruder’s next goal with Hidden Colored Petri-Net[J].Computer Networks,2007,51(3):632-654.
[8] WANG S,TANG G M,KOU G,et al.Attack path prediction method based on causal knowledge net[J].Journal on Communications,2016,37(10):188-198.(in Chinese) 王硕,汤光明,寇广,等.基于因果知识网络的攻击路径预测方法[J].通信学报,2016,37(10):188-198.
[9] ZHANG J,LI X P,WANG H J,et al.Real-time alert correlation approach based on attack planning graph[J].Journal of Compu-ter Applications,2016,36(6):1538-1543.(in Chinese) 张靖,李小鹏,王衡军,等.基于攻击规划图的实时报警关联方法[J].计算机应用,2016,36(6):1538-1543.
[10] NURBOL.Research on Anomaly Detection Based on Data Mi- ning and Multi-stage Intrusion Alert Correlation[D].Changchun:Jilin University,2010.(in Chinese) 努尔布力.基于数据挖掘的异常检测和多步入侵警报关联方法研究[D].长春:吉林大学,2010.
[11] SONG S S.Study of Integrated alert correlation based on data mining and attack graphs[D].Shanghai:Shanghai Jiao Tong University,2009(in Chinese) 宋珊珊.基于数据挖掘及攻击图的告警综合关联研究[D].上海:上海交通大学,2009.
[12] MEI H B,GONG J,ZHANG M H.Research on discovering multi-step attack patterns based on clustering IDS alert sequences[J].Journal on Communications,2011,32(5):63-69.(in Chinese) 梅海彬,龚俭,张明华.基于警报序列聚类的多步攻击模式发现研究[J].通信学报,2011,32(5):63-69.
[13] LIU J.Research on Key Technologies of Intrusion Detection and Alert Association Based on Machine Learning[D].Beijing:Beijing University of Posts and Telecommunications,2016.(in Chinese) 刘敬.基于机器学习的入侵检测和告警关联关键技术研究[D].北京:北京邮电大学,2016.
[14] LI H C,WU X P.Network Intrusion Correlation Method with Differential Privacy Protection of Alerts Sequence[J].Computer Engineering,2018,487(5):134-138.(in Chinese) 李洪成,吴晓平.支持告警序列差分隐私保护的网络入侵关联方法[J].计算机工程,2018,487(5):134-138.
[15] AGRAWAL R,IMIELIN'SKI T,SWAMI A.Mining association rules between sets of items in large databases[C]∥Acm Sigmod Record.ACM,1993,22(2):207-216.
[16] HAN J,PEI J,YIN Y.Mining frequent patterns without candidate generation[C]∥ACM Sigmod Record.ACM,2000,29(2):1-12.
[17] LU X,DU X,WANG W.An Alert Aggregation Algorithm Based on K-means and Genetic Algorithm[C]∥IOP Conference Series:Materials Science and Engineering.IOP Publishing,2018,435(1):012031.
[18] LU X,DU X,WANG W.Network IDS Duplicate Alarm Reduction Using Improved SNM Algorithm[C]∥2018 IEEE 3rd International Conference on Image,Vision and Computing (ICIVC).IEEE,2018:767-774.
[1] YU Tian-qi, HU Jian-ling, JIN Jiong, YANG Jian-feng. Mobile Edge Computing Based In-vehicle CAN Network Intrusion Detection Method [J]. Computer Science, 2021, 48(1): 34-39.
[2] ZHANG Qin, CHEN Hong-mei, FENG Yun-fei. Overlapping Community Detection Method Based on Rough Sets and Density Peaks [J]. Computer Science, 2020, 47(5): 72-78.
[3] LI Gang, WANG Chao, HAN De-peng, LIU Qiang-wei, LI Ying. Study on Multimodal Image Genetic Data Based on Deep Principal Correlated Auto-encoders [J]. Computer Science, 2020, 47(4): 60-66.
[4] RU Feng, XU Jin, CHANG Qi, KAN Dan-hui. High Order Statistics Structured Sparse Algorithm for Image Genetic Association Analysis [J]. Computer Science, 2019, 46(4): 66-72.
[5] CAO Wei-dong, XU Zhi-xiang, WANG Jing. Intrusion Detection Based on Semi-supervised Learning with Deep Generative Models [J]. Computer Science, 2019, 46(3): 197-201.
[6] CHEN Zheng, TIAN Bo, HE Zeng-you. PPI Network Inference Algorithm for PCP-MS Data [J]. Computer Science, 2019, 46(12): 313-321.
[7] GAO Zhong-shi, SU Yang , LIU Yu-dong. Study on Intrusion Detection Based on PCA-LSTM [J]. Computer Science, 2019, 46(11A): 473-476.
[8] CHEN Feng, MENG Zu-qiang. Study on Heterogeneous Multimodal Data Retrieval Based on Hash Algorithm [J]. Computer Science, 2019, 46(10): 49-54.
[9] DING Hong-wei, WAN Liang, ZHOU Kang, LONG Ting-yan, XIN Zhuang. Study on Intrusion Detection Based on Deep Convolution Neural Network [J]. Computer Science, 2019, 46(10): 173-179.
[10] CHEN Li-li, ZHU Feng, SHENG Bin, CHEN Zhi-hua. Quality Evaluation of Color Image Based on Discrete Quaternion Fourier Transform [J]. Computer Science, 2018, 45(8): 70-74.
[11] MA Zhan-fei, CHEN Hu-nian, YANG Jin, LI Xue-bao and BIAN Qi. Novel Network Intrusion Detection Method Based on IPSO-SVM Algorithm [J]. Computer Science, 2018, 45(2): 231-235.
[12] NIU Lei and SUN Zhong-lin. PCA-AKM Algorithm and Its Application in Intrusion Detection System [J]. Computer Science, 2018, 45(2): 226-230.
[13] NIE Kai, ZHOU Qing-lei, ZHU Wei-jun and ZHANG Chao-yang. Modeling for Three Kinds of Network Attacks Based on Temporal Logic [J]. Computer Science, 2018, 45(2): 209-214.
[14] LI Guang-pu, HUANG Miao-hua. Research Progress and Mainstream Methods of Frequent Itemsets Mining [J]. Computer Science, 2018, 45(11A): 1-11.
[15] XING Rui-kang, LI Cheng-hai. Research on Intrusion Detection System Method Based on Intuitionistic Fuzzy Sets [J]. Computer Science, 2018, 45(11A): 344-348.
Full text



[1] LEI Li-hui and WANG Jing. Parallelization of LTL Model Checking Based on Possibility Measure[J]. Computer Science, 2018, 45(4): 71 -75 .
[2] SUN Qi, JIN Yan, HE Kun and XU Ling-xuan. Hybrid Evolutionary Algorithm for Solving Mixed Capacitated General Routing Problem[J]. Computer Science, 2018, 45(4): 76 -82 .
[3] ZHANG Jia-nan and XIAO Ming-yu. Approximation Algorithm for Weighted Mixed Domination Problem[J]. Computer Science, 2018, 45(4): 83 -88 .
[4] WU Jian-hui, HUANG Zhong-xiang, LI Wu, WU Jian-hui, PENG Xin and ZHANG Sheng. Robustness Optimization of Sequence Decision in Urban Road Construction[J]. Computer Science, 2018, 45(4): 89 -93 .
[5] SHI Wen-jun, WU Ji-gang and LUO Yu-chun. Fast and Efficient Scheduling Algorithms for Mobile Cloud Offloading[J]. Computer Science, 2018, 45(4): 94 -99 .
[6] ZHOU Yan-ping and YE Qiao-lin. L1-norm Distance Based Least Squares Twin Support Vector Machine[J]. Computer Science, 2018, 45(4): 100 -105 .
[7] LIU Bo-yi, TANG Xiang-yan and CHENG Jie-ren. Recognition Method for Corn Borer Based on Templates Matching in Muliple Growth Periods[J]. Computer Science, 2018, 45(4): 106 -111 .
[8] GENG Hai-jun, SHI Xin-gang, WANG Zhi-liang, YIN Xia and YIN Shao-ping. Energy-efficient Intra-domain Routing Algorithm Based on Directed Acyclic Graph[J]. Computer Science, 2018, 45(4): 112 -116 .
[9] CUI Qiong, LI Jian-hua, WANG Hong and NAN Ming-li. Resilience Analysis Model of Networked Command Information System Based on Node Repairability[J]. Computer Science, 2018, 45(4): 117 -121 .
[10] WANG Zhen-chao, HOU Huan-huan and LIAN Rui. Path Optimization Scheme for Restraining Degree of Disorder in CMT[J]. Computer Science, 2018, 45(4): 122 -125 .