A graph similarity-based approach to security event analysis using correlation techniques

Qishi Wu; Yi Gu; Xiaohui Cui; Praneeth Moka; Yunyue Lin

doi:10.1109/GLOCOM.2010.5683648

A graph similarity-based approach to security event analysis using correlation techniques

Qishi Wu, Yi Gu, Xiaohui Cui, Praneeth Moka, Yunyue Lin

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Scopus citations

Abstract

Detecting and identifying security events to provide cyber situation awareness has become an increasingly important task within the network research and development community. We propose a graph similarity-based approach to event detection and identification that integrates a number of techniques to collect time-varying situation information, extract correlations between event attributes, and characterize and identify security events. Diverging from the traditional rule- or statistical-based pattern matching techniques, the proposed mechanism represents security events in a graphical form of correlation networks and identifies security events through the computation of graph similarity measurements to eliminate the need for constructing user or system profiles. These technical components take fundamentally different approaches from traditional empirical or statistical methods and are designed based on rigorous computational analysis with mathematically proven performance guarantee. The performance superiority of the proposed mechanism is demonstrated by extensive simulation and experimental results.

Original language	English (US)
Title of host publication	2010 IEEE Global Telecommunications Conference, GLOBECOM 2010
DOIs	https://doi.org/10.1109/GLOCOM.2010.5683648
State	Published - 2010
Externally published	Yes
Event	53rd IEEE Global Communications Conference, GLOBECOM 2010 - Miami, FL, United States Duration: Dec 6 2010 → Dec 10 2010

Publication series

Name	GLOBECOM - IEEE Global Telecommunications Conference

Other

Other	53rd IEEE Global Communications Conference, GLOBECOM 2010
Country/Territory	United States
City	Miami, FL
Period	12/6/10 → 12/10/10

All Science Journal Classification (ASJC) codes

Electrical and Electronic Engineering

Keywords

Correlation
Graph similarity
Intrusion detection
Random matrix theory

Access to Document

10.1109/GLOCOM.2010.5683648

Cite this

@inproceedings{054be60558b94d8eaad196146234c9e2,

title = "A graph similarity-based approach to security event analysis using correlation techniques",

abstract = "Detecting and identifying security events to provide cyber situation awareness has become an increasingly important task within the network research and development community. We propose a graph similarity-based approach to event detection and identification that integrates a number of techniques to collect time-varying situation information, extract correlations between event attributes, and characterize and identify security events. Diverging from the traditional rule- or statistical-based pattern matching techniques, the proposed mechanism represents security events in a graphical form of correlation networks and identifies security events through the computation of graph similarity measurements to eliminate the need for constructing user or system profiles. These technical components take fundamentally different approaches from traditional empirical or statistical methods and are designed based on rigorous computational analysis with mathematically proven performance guarantee. The performance superiority of the proposed mechanism is demonstrated by extensive simulation and experimental results.",

keywords = "Correlation, Graph similarity, Intrusion detection, Random matrix theory",

author = "Qishi Wu and Yi Gu and Xiaohui Cui and Praneeth Moka and Yunyue Lin",

year = "2010",

doi = "10.1109/GLOCOM.2010.5683648",

language = "English (US)",

isbn = "9781424456383",

series = "GLOBECOM - IEEE Global Telecommunications Conference",

booktitle = "2010 IEEE Global Telecommunications Conference, GLOBECOM 2010",

note = "53rd IEEE Global Communications Conference, GLOBECOM 2010 ; Conference date: 06-12-2010 Through 10-12-2010",

}

Wu, Q, Gu, Y, Cui, X, Moka, P & Lin, Y 2010, A graph similarity-based approach to security event analysis using correlation techniques. in 2010 IEEE Global Telecommunications Conference, GLOBECOM 2010., 5683648, GLOBECOM - IEEE Global Telecommunications Conference, 53rd IEEE Global Communications Conference, GLOBECOM 2010, Miami, FL, United States, 12/6/10. https://doi.org/10.1109/GLOCOM.2010.5683648

TY - GEN

T1 - A graph similarity-based approach to security event analysis using correlation techniques

AU - Wu, Qishi

AU - Gu, Yi

AU - Cui, Xiaohui

AU - Moka, Praneeth

AU - Lin, Yunyue

PY - 2010

Y1 - 2010

N2 - Detecting and identifying security events to provide cyber situation awareness has become an increasingly important task within the network research and development community. We propose a graph similarity-based approach to event detection and identification that integrates a number of techniques to collect time-varying situation information, extract correlations between event attributes, and characterize and identify security events. Diverging from the traditional rule- or statistical-based pattern matching techniques, the proposed mechanism represents security events in a graphical form of correlation networks and identifies security events through the computation of graph similarity measurements to eliminate the need for constructing user or system profiles. These technical components take fundamentally different approaches from traditional empirical or statistical methods and are designed based on rigorous computational analysis with mathematically proven performance guarantee. The performance superiority of the proposed mechanism is demonstrated by extensive simulation and experimental results.

AB - Detecting and identifying security events to provide cyber situation awareness has become an increasingly important task within the network research and development community. We propose a graph similarity-based approach to event detection and identification that integrates a number of techniques to collect time-varying situation information, extract correlations between event attributes, and characterize and identify security events. Diverging from the traditional rule- or statistical-based pattern matching techniques, the proposed mechanism represents security events in a graphical form of correlation networks and identifies security events through the computation of graph similarity measurements to eliminate the need for constructing user or system profiles. These technical components take fundamentally different approaches from traditional empirical or statistical methods and are designed based on rigorous computational analysis with mathematically proven performance guarantee. The performance superiority of the proposed mechanism is demonstrated by extensive simulation and experimental results.

KW - Correlation

KW - Graph similarity

KW - Intrusion detection

KW - Random matrix theory

UR - http://www.scopus.com/inward/record.url?scp=79551648376&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=79551648376&partnerID=8YFLogxK

U2 - 10.1109/GLOCOM.2010.5683648

DO - 10.1109/GLOCOM.2010.5683648

M3 - Conference contribution

AN - SCOPUS:79551648376

SN - 9781424456383

T3 - GLOBECOM - IEEE Global Telecommunications Conference

BT - 2010 IEEE Global Telecommunications Conference, GLOBECOM 2010

T2 - 53rd IEEE Global Communications Conference, GLOBECOM 2010

Y2 - 6 December 2010 through 10 December 2010

ER -

A graph similarity-based approach to security event analysis using correlation techniques

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Keywords

Access to Document

Other files and links

Fingerprint

Cite this