A graph similarity-based approach to security event analysis using correlation techniques

Qishi Wu, Yi Gu, Xiaohui Cui, Praneeth Moka, Yunyue Lin

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Scopus citations

Abstract

Detecting and identifying security events to provide cyber situation awareness has become an increasingly important task within the network research and development community. We propose a graph similarity-based approach to event detection and identification that integrates a number of techniques to collect time-varying situation information, extract correlations between event attributes, and characterize and identify security events. Diverging from the traditional rule- or statistical-based pattern matching techniques, the proposed mechanism represents security events in a graphical form of correlation networks and identifies security events through the computation of graph similarity measurements to eliminate the need for constructing user or system profiles. These technical components take fundamentally different approaches from traditional empirical or statistical methods and are designed based on rigorous computational analysis with mathematically proven performance guarantee. The performance superiority of the proposed mechanism is demonstrated by extensive simulation and experimental results.

Original language: English (US)
Title of host publication: 2010 IEEE Global Telecommunications Conference, GLOBECOM 2010
State: Published - 2010
Externally published: Yes
Event: 53rd IEEE Global Communications Conference, GLOBECOM 2010 - Miami, FL, United States
Duration: Dec 6 2010 to Dec 10 2010

Publication series

Name: GLOBECOM - IEEE Global Telecommunications Conference

Other

Other: 53rd IEEE Global Communications Conference, GLOBECOM 2010
Country/Territory: United States
City: Miami, FL
Period: 12/6/10 to 12/10/10

All Science Journal Classification (ASJC) codes

  • Electrical and Electronic Engineering

Keywords

  • Correlation
  • Graph similarity
  • Intrusion detection
  • Random matrix theory
