Author:
Imanian Bidgoli, Mohammad
Title:
A new approach based on data mining for correlating intrusion detection alerts
Degree level:
Master's (M.Sc.)
Field of study:
Artificial Intelligence
Institution:
Isfahan: Isfahan University of Technology, Faculty of Electrical and Computer Engineering
Pagination:
[ix], 79 p.: illustrations, tables, charts
Note:
Title page in Persian and English
Supervisor:
Abdolreza Mirzaei
Advisor:
Mehdi Berenjkoub
Indexing date:
18/4/93
Faculty:
Electrical and Computer Engineering
English abstract:
A new approach for alert correlation based on data mining
Mohammad Imanian Bidgoli, m.imanian@ec.iut.ac.ir
Date of submission: 2014
Department of Electrical and Computer Engineering, Isfahan University of Technology, Isfahan 84156-83111, Iran
Degree: M.Sc.
Language: Farsi
Supervisor: Dr. Abdolreza Mirzaei, mirzaei@cc.iut.ac.ir
Advisor: Dr. Mehdi Berenjkoub, brnjkb@cc.iut.ac.ir

Abstract
With the daily growing use of computer networks, especially the Internet, the growing skill of users and intruders, and the presence of vulnerable points in software, securing computer network systems has become more important than before. An important tool for detecting attacks in computer networks is the Intrusion Detection System (IDS). Today the most important challenge in using these tools is the high volume of alerts produced by the system, which in practice makes alert investigation impossible. To overcome this challenge, a large body of research has addressed the preprocessing and alert-correlation stages of the IDS. Overall, alert-correlation methods are divided into two categories: knowledge-based alert correlation and inference-based alert correlation. Inference-based methods use statistical analysis and artificial-intelligence techniques for alert correlation. This thesis tries to present an efficient and effective approach for alert correlation based on data-mining techniques and statistical analysis. In this research, an attempt is made to identify the main requirements of a correlation system and then implement them using efficient algorithms. The presented approach tries to detect the pattern behind the occurrence of alerts and provide it to the system administrator in the form of correlation rules. Characteristics of this method include: simultaneous use of a knowledge base and alert-occurrence information; no use of a time window, and thus no restriction on the detection of slow attacks; no need for training; detection of complex attack types such as one-to-many and many-to-one patterns; and the ability to detect regular patterns produced by malware and other suspicious software. We use the DARPA 2000 dataset to evaluate this algorithm and compare our method with two similar reference methods. Experimental results show that the proposed method is able to compete with the best research done in this field, even the knowledge-based techniques.

Keywords: alert correlation, data mining, intrusion detection, alert pattern discovery