Mining and Ranking Incidents for High Priority Intrusion Analysis

Show simple item record

dc.contributor Vrbsky, Susan
dc.contributor Dixon, Brandon
dc.contributor Smith, Randy
dc.contributor Chen, Bernard
dc.contributor.advisor Atkison, Travis Haque, Md Shariful 2022-04-13T20:33:51Z 2027-09-01 2020
dc.identifier.other u0015_0000001_0004212
dc.identifier.other Haque_alatus_0004D_14210
dc.description Electronic Thesis or Dissertation
dc.description.abstract Threats and intrusions are increasing at an alarming rate, even though related technologies have observed rapid advancement. Hence, advanced threat analysis has become imperative to improve current technologies. These technologies are primarily designed to detect or predict threats and minimize the likelihood of damage. The goal of an efficient intrusion analysis is also to develop models unwavering to any external influences and produce optimized results. Several data mining techniques have been applied in these scenarios to detect both anomaly and misuse, predict possible attack paths, or generate attack models. Some consider determining the priority, an important criterion of alerts, using different characteristics of the attack scenarios. In this dissertation, novel priority-based alert mining techniques and a ranking model are proposed to prioritize sequences of alerts and to realize their actual effect which is often misunderstood due to the generic taxonomies used by detection systems. This dissertation has the following contributions: First, a novel data mining-based alert sequence mining technique is proposed to discover potential attacks from intrusion alerts. Intrusion detection systems maintain signatures of intrusions with a severity scale. This information has been leveraged predominantly in the proposed data mining-based alert association approach. This approach reduces the effort of post-processing alert sequences and calculating their severity when the relationship is established. Second, a non-redundant high priority association rules mining technique is proposed based on theories and background of non-redundant association rule mining. Such techniques are highly adopted to determine the correlation between items in sequences and to develop efficient prediction models with a reduced volume of derived data. Third, the above mining approaches facilitate the process of extracting severe incidents based on priority. However, severity levels determined by the detection system are generic; thus, their real consequences are hard to perceive. Multi-criteria decision making is a prominent research area to assess different alternatives. The proposed approach is equipped with a combination of MCDM techniques to further rank the prioritized threats based on several benchmarks. The novelty of our technique is to consider the priority level of alerts at prior stages of attack analysis and later determine the overall attack scenario.
dc.format.medium electronic
dc.format.mimetype application/pdf
dc.language English
dc.language.iso en_US
dc.publisher University of Alabama Libraries
dc.relation.ispartof The University of Alabama Electronic Theses and Dissertations
dc.relation.ispartof The University of Alabama Libraries Digital Collections
dc.relation.hasversion born digital
dc.rights All rights reserved by the author unless otherwise indicated.
dc.title Mining and Ranking Incidents for High Priority Intrusion Analysis
dc.type thesis
dc.type text University of Alabama. Department of Computer Science Computer science The University of Alabama doctoral Ph.D.

Files in this item

This item appears in the following Collection(s)

Show simple item record

Search DSpace


My Account