Full research record in the university data repository

Research Title


Multistep Attacks Extraction Using Compiler Techniques


Author / Editor / Publisher

 
صفاء عبيس مهدي المعموري

Citation Information


صفاء عبيس مهدي المعموري, Multistep Attacks Extraction Using Compiler Techniques, Time 6/12/2011 7:37:28 AM: College of Information Technology


Full Abstract


Multistep Attacks Extraction Using Compiler Techniques


Safaa O. Al-Mamory, ZHANG Hongli, School of Computer Science, Harbin Institute of Technology, Harbin, China

safaa_vb@yahoo.com, zhl@pact518.hit.edu.cn


 
Abstract:

 
The intrusion detection system (IDS) is a security technology that attempts to identify network intrusions. Defending against multistep intrusions, in which each step prepares for the next, is a challenging task. In this paper, alerts are classified into predefined classes. Then, a Context-Free Grammar (CFG) is used to describe multistep attacks in terms of these alert classes. Based on the CFGs, a modified LR parser is used to generate the parse trees of the scenarios present in the alerts. The experiments were performed on two different sets of network traffic traces, using different open-source and commercial IDSs. The detected scenarios are represented by Correlation Graphs (CGs). The experimental results show that the CFG can describe multistep attacks explicitly and that the modified LR parser, driven by the CFG, can construct scenarios successfully.
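The pipeline the abstract describes (alerts classified into predefined classes, a CFG written over those classes, bottom-up parsing into a scenario parse tree, and a correlation graph derived from it), as an added Python example that is not the paper's code: the grammar, the keyword-to-class mapping and the alert signatures are constructed assumptions, and the parser is a naive eager shift-reduce parser rather than the authors' modified LR parser (it does not skip unknown alerts).

```python
from typing import List, Tuple

# Constructed alert-class grammar (an assumption, not the paper's): (LHS, RHS).
# Left recursion in RECON suits bottom-up (shift-reduce) parsing.
GRAMMAR = [
    ("SCENARIO", ("RECON", "EXPLOIT", "ESCALATE")),
    ("RECON", ("RECON", "SCAN")), ("RECON", ("SCAN",)),
    ("EXPLOIT", ("BOF",)), ("EXPLOIT", ("WEBEXP",)),
    ("ESCALATE", ("PRIV",)),
]
# Constructed mapping from IDS signature keywords to predefined alert classes.
CLASS_KEYWORDS = {"portscan": "SCAN", "sweep": "SCAN", "overflow": "BOF",
                  "cgi": "WEBEXP", "root": "PRIV"}
Tree = Tuple[str, tuple]  # (symbol, children); a leaf's only child is the alert text

def classify(signature: str) -> str:
    """Map an IDS alert signature to its predefined class (UNKNOWN if none match)."""
    sig = signature.lower()
    for key, cls in CLASS_KEYWORDS.items():
        if key in sig:
            return cls
    return "UNKNOWN"

def parse_alerts(signatures: List[str]) -> Tree:
    """Naive shift-reduce parse of an alert sequence into a SCENARIO parse tree;
    raises ValueError when the alerts do not form a complete scenario."""
    stack: List[Tree] = []
    for sig in signatures:
        stack.append((classify(sig), (sig,)))  # shift one classified alert
        reduced = True
        while reduced:  # reduce eagerly, longest right-hand side first
            reduced = False
            for lhs, rhs in sorted(GRAMMAR, key=lambda r: -len(r[1])):
                n = len(rhs)
                if len(stack) >= n and tuple(t[0] for t in stack[-n:]) == rhs:
                    stack[-n:] = [(lhs, tuple(stack[-n:]))]  # handle -> non-terminal
                    reduced = True
                    break
    if len(stack) == 1 and stack[0][0] == "SCENARIO":
        return stack[0]
    raise ValueError("no complete scenario: " + " ".join(t[0] for t in stack))

def correlation_edges(tree: Tree) -> List[Tuple[str, str]]:
    """Correlation graph: an edge from each alert to the next one in the scenario."""
    def leaves(node: Tree) -> List[str]:  # in-order alert texts under a node
        kids = node[1]
        return [kids[0]] if isinstance(kids[0], str) else [a for k in kids for a in leaves(k)]
    alerts = leaves(tree)
    return list(zip(alerts, alerts[1:]))
```

A sequence whose alert classes do not match any derivation (for example an exploit alert arriving before any scan) leaves partial non-terminals on the stack and is rejected rather than reported as a scenario.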
 
   
Introduction:

 
The study of IDSs has become an important aspect of network security. When an IDS detects a set of attacks, it generates many alerts referring to security breaches. Unfortunately, the IDS cannot deduce anything from these separate attacks. As a result, alert correlation is an important technique for linking separate attacks, giving the alerts additional meaning, and inferring attack scenarios. The function of alert correlation is to find the logical relationships among the alerts. Attackers are likely to launch a series of attacks against their targets, and skilled attackers are more likely to disguise their real purpose by launching many other minor attacks. Alert correlation correlates alerts based on the logical relationships among them. This gives security analysts great insight into where the initial attacks came from and where they actually end up.


 