Adaptive Feature-Weighted Alert Correlation System Applicable in Cloud Environment

Abstract

Growing with the technology, there are many new attack techniques presented in the cloud environment. Different from the general server, once the cloud environment suffered from malicious attacks, people or companies will get caught in extreme dangers. Therefore, it is important for network security in cloud. Since there are a lot of packets in network traffic including malicious packets, huge amounts of alerts will be generated by the intrusion detection system. Analyzing these alert data is time-consuming and it is difficult to obtain the attack steps and strategies immediately by directly performing these analyses. We proposed an adaptive feature-weighted alert correlation system that employs a Bayesian Network to choose the features with high relevance and then adjusts the feature weights according to the statistics of Bayesian Network in a period of time. We estimate the correlation probability of two alerts with the relevant features by using the Feature Wight Matrix, and the correlation probability is recorded in Alert Correlation Matrix. Using the information in Alert Correlation Matrix, we can extract high level attack strategies and construct attack graphs. In our system, facing a great deal of network traffic, the administrator can accurately recognize intruders' intentions and learn about the attack probabilities and network security situations.