
Self-Learning SIEM System Using Association Rule Mining

Ravi Raman Tiwari, Anil Kumar Singh, Dr. Vrijendra Singh

Abstract


The rise of new security threats such as polymorphic multi-step attacks has made security more than a matter of perimeter defence, IDS/IPS, firewalls, anti-virus and the like. Although security techniques have evolved considerably, so have the attacks. Hence, a comprehensive solution is required in which all the sensory controls work in coherence. In this paper we propose a SIEM system with a self-learning capability that can produce optimized and efficient correlation directives for analysing events in a network, system, etc. with the least possible human intervention. The proposed SIEM system uses classification-based directives: association rule mining is applied to discover relationships between event log records and generate rules, from which we construct classifiers that distinguish between normal and abnormal behaviour.
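As an added illustration (not the paper's own code or data), the following Python sketch shows the idea the abstract describes: class association rules are mined from a constructed set of labelled event records, ranked by confidence and support, and then used as a classifier that separates normal from abnormal events. The attribute names, thresholds and sample events are assumptions chosen in the spirit of KDD-style connection records.

```python
from itertools import combinations
from collections import Counter

# Constructed sample events (not from the paper): each event is a set of
# attribute=value items plus a label supplied by a human analyst or IDS.
EVENTS = [
    ({"proto=tcp", "service=http", "flag=SF", "dst_host_count=low"}, "normal"),
    ({"proto=tcp", "service=http", "flag=SF", "dst_host_count=low"}, "normal"),
    ({"proto=udp", "service=dns", "flag=SF", "dst_host_count=low"}, "normal"),
    ({"proto=tcp", "service=smtp", "flag=SF", "dst_host_count=low"}, "normal"),
    ({"proto=tcp", "service=private", "flag=S0", "dst_host_count=high"}, "abnormal"),
    ({"proto=tcp", "service=private", "flag=S0", "dst_host_count=high"}, "abnormal"),
    ({"proto=tcp", "service=telnet", "flag=S0", "dst_host_count=high"}, "abnormal"),
    ({"proto=tcp", "service=ftp", "flag=REJ", "dst_host_count=high"}, "abnormal"),
]

def mine_class_rules(events, min_support=0.25, min_confidence=0.9, max_len=2):
    """Apriori-style enumeration of short itemsets, returning class association
    rules (antecedent -> label, support, confidence). Each rule plays the role of
    a correlation directive that the SIEM learns instead of an analyst writing it."""
    n = len(events)
    item_counts = Counter(item for items, _ in events for item in items)
    frequent_items = sorted(i for i, c in item_counts.items() if c / n >= min_support)
    rules = []
    for k in range(1, max_len + 1):
        for ante in combinations(frequent_items, k):
            ante = frozenset(ante)
            covered = [label for items, label in events if ante <= items]
            if len(covered) / n < min_support:      # prune infrequent antecedents
                continue
            for label, cnt in Counter(covered).items():
                conf = cnt / len(covered)
                if conf >= min_confidence:          # keep only reliable rules
                    rules.append((ante, label, cnt / n, conf))
    # Rank for classification: higher confidence, then support, then shorter rule
    rules.sort(key=lambda r: (-r[3], -r[2], len(r[0])))
    return rules

def classify(rules, items, default="normal"):
    """Fire the best-ranked rule whose antecedent matches the event; fall back
    to a default label when no learned directive covers it."""
    for ante, label, _, _ in rules:
        if ante <= items:
            return label
    return default

if __name__ == "__main__":
    learned = mine_class_rules(EVENTS)
    for ante, label, sup, conf in learned[:5]:
        print(sorted(ante), "->", label, f"sup={sup:.3f} conf={conf:.2f}")
    print(classify(learned, {"proto=tcp", "service=ssh", "flag=S0", "dst_host_count=high"}))
```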


Cite this Article

Ravi Raman Tiwari, Anil Kumar Singh, Vrijendra Singh. Self-Learning SIEM System Using Association Rule Mining. Journal of Advanced Database Management & Systems. 2015; 2(2): 10–23p.


Keywords


SIEM, Self-learning SIEM, Intrusion detection, Association rule mining, Classification-based directives
