Automatic Rule Generation Based on Genetic Programming for Event Correlation

  • Conference paper

Part of the book series: Advances in Intelligent and Soft Computing ((AINSC,volume 63))

Abstract

The widespread adoption of autonomous intrusion detection technology is overwhelming current frameworks for network security management. Modern intrusion detection systems (IDSs) and intelligent agents are the most frequently mentioned in the literature and the news, although other risks, such as broad attacks (e.g. those spread very widely in a distributed fashion, like botnets) and their consequences for incident response management, cannot be overlooked. Event correlation thus becomes essential. Basically, security event correlation pulls together detection, prevention and reaction tasks by consolidating huge amounts of event data. Adapting to unknown distributed attacks is a major requirement, as is their automatic identification. This positioning paper poses an optimization challenge in the design of such a correlation engine and proposes a number of directions for research. We present a novel approach for the automatic generation of security event correlation rules based on Genetic Programming, which has already been used at the sensor level.



Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Suarez-Tangil, G., Palomar, E., de Fuentes, J.M., Blasco, J., Ribagorda, A. (2009). Automatic Rule Generation Based on Genetic Programming for Event Correlation. In: Herrero, Á., Gastaldo, P., Zunino, R., Corchado, E. (eds) Computational Intelligence in Security for Information Systems. Advances in Intelligent and Soft Computing, vol 63. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04091-7_16

  • DOI: https://doi.org/10.1007/978-3-642-04091-7_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04090-0

  • Online ISBN: 978-3-642-04091-7

  • eBook Packages: Engineering (R0)