
Group Member

Yimeng Zhang
Master's Student

Personal Homepage:  
Email: yimengz@cs.cmu.edu

Office: Newell Simon Hall 3612
Phone: 412-268-4083
Fax: 412-268-6298
Mailing Address:
Language Technologies Institute, School of Computer Science,
Carnegie Mellon University,
5000 Forbes Avenue, Pittsburgh,
PA 15213-3890


Research Interests
 

I am interested in data mining, machine learning, intrusion detection, and natural language processing.

 

Research Focus:

Design data mining and machine learning algorithms that help analysts make sense of the alerts generated by intrusion detection systems.

Design machine learning algorithms that detect masqueraders, i.e. users acting under an account that is not their own, on a system.

Build a library or framework for machine learning based intrusion detection algorithms.


 

Projects

Intrusion Detection and Event Analysis System 

We design machine learning techniques for intrusion detection and for the analysis of intrusion data. Our focus has been on techniques for analyzing the alerts generated by intrusion detection systems.

Current intrusion detection systems (IDSs) generate an unmanageable number of alerts every day, and up to 99% of them are false alerts. As a result, it is difficult for a human analyst to understand the alerts and take appropriate action. We address this problem with a set of techniques based on activity graphs. To make the alert volume manageable, we aggregate raw alerts into scenarios using alert correlation, and build an activity graph from each scenario; the analyst is then shown these graphs, which describe the activity that took place on the monitored systems, instead of the raw alerts. To reduce false alerts, we classify the activity graphs into true attack strategies and normal scenarios rather than filtering individual alerts. We have implemented the proposed algorithms in a system with a graphical user interface and evaluated it on the DARPA 1999 and DARPA 2000 intrusion detection evaluation datasets and on a real-world dataset. The results show that activity graphs reduce the workload of analyzing large alert volumes, and that classifying whole activity graphs is more effective and efficient than reducing false alerts one at a time.

The system is implemented in Java and PHP. It provides a Java-based graphical user interface and a PHP-based web interface.

Please refer to the Intrusion Detection and Event Analysis System for more details. 
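The pipeline described above (raw alerts, correlation into scenarios, one activity graph per scenario, graph-level classification) as an added illustration. This is not the AMP Lab system or its algorithms: the alert tuple format, the constructed sample alerts, the time-window/shared-host correlation rule and the hand-written attack-stage table standing in for the learned classifier are all assumptions made here.

```python
"""Toy alert correlation, activity-graph construction and graph classification.

Added illustration, not the AMP Lab system; the alert format, the time-window
correlation rule and the STAGE table are assumptions, and the sample alerts
are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

Alert = Tuple[int, str, str, str]  # (timestamp_s, src_host, dst_host, signature)

# Constructed sample: a probe -> exploit -> callback chain against 192.168.1.10,
# one benign DNS alert, and a lone scan of the same host hours later.
SAMPLE_ALERTS: List[Alert] = [
    (0,    "10.0.0.5",     "192.168.1.10", "PORTSCAN"),
    (30,   "10.0.0.5",     "192.168.1.10", "BUFFER_OVERFLOW"),
    (60,   "192.168.1.10", "10.0.0.5",     "NEW_OUTBOUND_SHELL"),
    (5,    "192.168.1.20", "192.168.1.1",  "DNS_QUERY_LONG"),
    (9000, "192.168.1.30", "192.168.1.10", "PORTSCAN"),
]

# Assumed attack-stage table used by the hand-written classifier (0 = no stage).
STAGE: Dict[str, int] = {
    "PORTSCAN": 1,            # reconnaissance
    "BUFFER_OVERFLOW": 2,     # exploitation
    "NEW_OUTBOUND_SHELL": 3,  # post-exploitation callback from the victim
    "DNS_QUERY_LONG": 0,      # informational on its own
}


def correlate(alerts: List[Alert], window: int = 600) -> List[List[Alert]]:
    """Aggregate raw alerts into scenarios.

    Two alerts are linked when they share a host (as source or destination) and
    occur within `window` seconds of each other; the transitive closure of that
    relation, computed with union-find, is one scenario.
    """
    alerts = sorted(alerts)
    parent = list(range(len(alerts)))

    def find(i: int) -> int:
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving
            i = parent[i]
        return i

    for i, (ts_i, src_i, dst_i, _) in enumerate(alerts):
        for j in range(i):
            ts_j, src_j, dst_j, _ = alerts[j]
            if ts_i - ts_j <= window and {src_i, dst_i} & {src_j, dst_j}:
                parent[find(i)] = find(j)
    groups: Dict[int, List[Alert]] = defaultdict(list)
    for i, alert in enumerate(alerts):
        groups[find(i)].append(alert)
    return list(groups.values())


@dataclass
class ActivityGraph:
    """Hosts as nodes, time-ordered alerts as labelled directed edges."""
    nodes: Set[str] = field(default_factory=set)
    edges: List[Alert] = field(default_factory=list)


def build_graph(scenario: List[Alert]) -> ActivityGraph:
    graph = ActivityGraph()
    for alert in sorted(scenario):
        _, src, dst, _ = alert
        graph.nodes.update((src, dst))
        graph.edges.append(alert)
    return graph


def classify(graph: ActivityGraph) -> str:
    """Label a graph 'attack' when a single host is involved in two or more
    distinct attack stages (e.g. probe then exploit), else 'normal'. This rule
    stands in for the learned classifier in the text."""
    stages_by_host: Dict[str, Set[int]] = defaultdict(set)
    for _, src, dst, sig in graph.edges:
        stage = STAGE.get(sig, 0)
        if stage == 0:
            continue
        # A callback shell is evidence about its source, the compromised host.
        victim = src if stage == 3 else dst
        stages_by_host[victim].add(stage)
    return "attack" if any(len(s) >= 2 for s in stages_by_host.values()) else "normal"


def triage(alerts: List[Alert]) -> Tuple[int, int, int]:
    """Return (raw alerts, activity graphs shown to the analyst, graphs labelled attack)."""
    graphs = [build_graph(s) for s in correlate(alerts)]
    attacks = sum(1 for g in graphs if classify(g) == "attack")
    return len(alerts), len(graphs), attacks


if __name__ == "__main__":
    for scenario in correlate(SAMPLE_ALERTS):
        g = build_graph(scenario)
        print(classify(g), sorted(g.nodes), [e[3] for e in g.edges])
    print(triage(SAMPLE_ALERTS))
```

On the constructed input the five raw alerts collapse into three activity graphs, and only the graph containing the probe/exploit/callback chain is labelled an attack; the lone scan at t=9000 is kept out of that scenario by the time window even though it targets the same host. A real classifier would replace the STAGE rule with features extracted from the graph (node count, edge labels, stage ordering) and a trained model.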

 


 

Publications

Conference Papers: 

Journal Papers: 



This website is maintained by Devi Parikh
Copyright © 2001 
Advanced Multimedia Processing Lab. All rights reserved.
Revised: January 11, 2008