Full research record in the university data repository

Paper / Research Title


Scenario Discovery Using Abstracted Correlation Graph


Author / Editor / Publisher

 
صفاء عبيس مهدي المعموري

Citation Information


صفاء عبيس مهدي المعموري, Scenario Discovery Using Abstracted Correlation Graph, Time 6/12/2011 10:09:10 AM : College of Information Technology

Abstract


Scenario Discovery Using Abstracted Correlation Graph

Full Abstract


Scenario Discovery Using Abstracted Correlation Graph

 
Safaa O. Al-Mamory, School of Computer Science, Harbin Institute of Technology, Harbin, Safaa_vb@yahoo.com

Hong Li Zhang, School of Computer Science, Harbin Institute of Technology, Harbin, China, zhl@pact518.hit.edu.cn

 
Abstract:-

 
Intrusion alert correlation techniques correlate alerts into meaningful groups or attack scenarios so that human analysts can understand them more easily. These correlation techniques have different strengths and limitations. However, all of them depend heavily on the underlying network intrusion detection systems (NIDSs) and perform poorly when the NIDSs miss critical attacks. In this paper, a system was proposed to represent a set of alerts as subattacks. It then correlates these subattacks and generates abstracted correlation graphs (CGs) which reflect attack scenarios. It also represents attack scenarios by classes of alerts instead of the alerts themselves, to reduce the rules required and to detect new variations of attacks. The experiments were conducted using Snort as the NIDS with different datasets which contain multistep attacks. The resulting CGs imply that our method can correlate related alerts, uncover the attack strategies, and detect new variations of attacks.
 
 
 
Introduction:-
 
 
When the NIDS detects a set of attacks, it will generate many alerts that refer to security breaches. Unfortunately, the NIDS cannot deduce anything from these separated attacks. So, alert correlation is an important solution to link separated attacks, to give alerts another meaning, and to infer attack scenarios. Alert correlation and analysis is a critical task in security management. Recently, several techniques and approaches have been proposed to correlate and analyze security alerts; most of them focus on the aggregation and analysis of raw security alerts, and build attack scenarios. An interesting method is the work of Ning et al. [1]. They proposed an alert correlation model based on the observation that most intrusions consist of many stages, with the early stages preparing for the later ones. They collected alerts from the NIDS, correlated them off-line, and tried to draw a big picture (through CGs) of what happens in the network. However, there are some shortcomings associated with this method:

1. The graph explosion problem that occurs in the generated CGs makes the resulting graphs complex and hard to understand.
2. A huge number of rules is needed to draw these graphs, one rule set per alert to represent its prerequisites and consequences.
3. Attacks missed by the NIDS affect the resulting graphs, yielding separated CGs.
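As an added illustration of the prerequisite/consequence correlation described above, carried out at the level of alert classes rather than raw signatures as the abstract proposes (this is example code, not the paper's system): the class rules, the signature-to-class mapping and the alert stream are all constructed for this example.

```python
# Added example: class-level prerequisite/consequence correlation.
# All rules, signature names and alerts below are constructed, not the paper's.

# Each alert class lists the predicates it requires (pre) and establishes (post).
CLASS_RULES = {
    "scan":    {"pre": set(),                "post": {"host_known"}},
    "exploit": {"pre": {"host_known"},       "post": {"host_compromised"}},
    "dos":     {"pre": {"host_compromised"}, "post": {"service_down"}},
}

# Raw NIDS signature names collapsed into classes: two different scan
# signatures share one rule, so a new scan variant still correlates.
SIGNATURE_CLASS = {
    "SCAN variant A": "scan",
    "SCAN variant B": "scan",
    "RPC service overflow": "exploit",
    "DDoS agent traffic": "dos",
}

# Constructed alert stream: (signature, destination host, timestamp).
SAMPLE_ALERTS = [
    ("SCAN variant A", "10.0.0.5", 100),
    ("SCAN variant B", "10.0.0.5", 101),
    ("RPC service overflow", "10.0.0.5", 200),
    ("DDoS agent traffic", "10.0.0.5", 300),
    ("RPC service overflow", "10.0.0.9", 250),  # no prior scan on this host
]


def to_subattacks(alerts):
    """Abstract raw alerts into sub-attacks keyed by (class, target host).
    Returns {(cls, host): earliest timestamp}; unknown signatures are skipped."""
    subattacks = {}
    for sig, host, ts in alerts:
        cls = SIGNATURE_CLASS.get(sig)
        if cls is not None:
            key = (cls, host)
            subattacks[key] = min(ts, subattacks.get(key, ts))
    return subattacks


def build_cg(subattacks):
    """Edge A -> B when A is earlier, targets the same host, and a consequence
    of A's class satisfies a prerequisite of B's class."""
    edges = set()
    for (ca, ha), ta in subattacks.items():
        for (cb, hb), tb in subattacks.items():
            if ha == hb and ta < tb and CLASS_RULES[ca]["post"] & CLASS_RULES[cb]["pre"]:
                edges.add(((ca, ha), (cb, hb)))
    return edges
```

Dropping the exploit alert from SAMPLE_ALERTS leaves the scan and DoS sub-attacks unconnected, which is the separated-CG effect of a missed attack that the introduction describes.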
