Scalable Detection of Cyber Attacks

Authors: Massimiliano Albanese, Sushil Jajodia, Andrea Pugliese, V. S. Subrahmanian

DOI: 10.1007/978-3-642-27245-5_4

Keywords: Scalability, Data structure, Exploit, State (computer science), Cyber-attack, Process (computing), Attack patterns, Computer security, Vulnerability assessment, Computer science

Abstract: Attackers can exploit vulnerabilities to incrementally penetrate a network and compromise critical systems. The enormous amount of raw security data available to analysts, and the complex interdependencies among vulnerabilities, make manual analysis extremely labor-intensive and error-prone. To address this important problem, we build on previous work on topological vulnerability analysis and propose an automated framework to manage very large attack graphs and to monitor high volumes of incoming alerts for the occurrence of known attack patterns in real time. Specifically, we propose (i) a data structure that merges multiple attack graphs and enables concurrent monitoring of multiple types of attacks; (ii) an index structure that effectively indexes millions of time-stamped alerts; and (iii) a real-time algorithm that processes a continuous stream of alerts, updates the index, and detects attack occurrences. We show that the proposed solution significantly improves on the state of the art in cyber attack detection, enabling real-time detection.
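The abstract names three ingredients: a merged structure over several attack patterns, an index over time-stamped alerts, and a streaming algorithm that advances partial matches and reports completed ones. The following is an added illustration of how those pieces fit together; it is not the paper's code or its actual data structures. It simplifies an attack graph to a linear sequence of alert kinds, merges the sequences into a trie so shared prefixes are matched once, indexes partial matches by (graph node, host the chain currently sits on) so each alert only touches the matches it can extend, and drops matches whose last step is older than a time window. The alert kinds, host names, pattern names and the alert stream are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    ts: int     # event time, seconds; the stream must arrive in ts order
    kind: str   # alert class reported by the sensor, e.g. "scan", "exploit"
    src: str    # source host
    dst: str    # destination host


class MergedPatternGraph:
    """Several attack patterns, each a sequence of alert kinds, merged into one
    trie-like graph.  A shared prefix is stored once, so a single incoming alert
    advances every pattern that begins with it (the merged-structure idea)."""

    def __init__(self):
        self.children = [{}]             # node -> {alert kind: child node}
        self.completes = [set()]         # node -> names of patterns ending there
        self.by_kind = defaultdict(set)  # alert kind -> nodes with an out-edge of that kind

    def add_pattern(self, name, kinds):
        node = 0
        for kind in kinds:
            child = self.children[node].get(kind)
            if child is None:
                child = len(self.children)
                self.children.append({})
                self.completes.append(set())
                self.children[node][kind] = child
                self.by_kind[kind].add(node)
            node = child
        self.completes[node].add(name)


class StreamDetector:
    """Consumes a time-ordered alert stream and reports every completed pattern.

    Partial matches are indexed by (graph node, host the chain currently sits on),
    so an alert only touches the partial matches it can extend: those on the
    alert's destination (another step against the same target) or on its source
    (the attacker moving on from a host already reached).  Partial matches whose
    last step is older than `window` seconds are discarded."""

    def __init__(self, graph, window):
        self.graph = graph
        self.window = window
        self.partial = defaultdict(list)  # (node, host) -> [(last_ts, [alerts])]

    def _expire(self, now):
        for key in list(self.partial):
            live = [(t, c) for t, c in self.partial[key] if now - t <= self.window]
            if live:
                self.partial[key] = live
            else:
                del self.partial[key]

    def process(self, alert):
        self._expire(alert.ts)
        hosts = [alert.dst] if alert.src == alert.dst else [alert.dst, alert.src]
        advanced = []  # (node reached, alert chain)
        for node in self.graph.by_kind.get(alert.kind, ()):
            child = self.graph.children[node][alert.kind]
            if node == 0:                     # first step of one or more patterns
                advanced.append((child, [alert]))
                continue
            for host in hosts:
                for _, chain in self.partial.get((node, host), ()):
                    advanced.append((child, chain + [alert]))
        detections = []
        for child, chain in advanced:
            for name in sorted(self.graph.completes[child]):
                detections.append((name, tuple(a.ts for a in chain)))
            if self.graph.children[child]:    # more steps possible: keep it indexed
                self.partial[(child, alert.dst)].append((alert.ts, chain))
        return detections


def run(stream, window=600):
    """Build the merged graph for two constructed patterns and replay `stream`."""
    graph = MergedPatternGraph()
    graph.add_pattern("remote_compromise", ["scan", "exploit"])
    graph.add_pattern("pivot_and_escalate", ["scan", "exploit", "lateral", "priv_esc"])
    detector = StreamDetector(graph, window)
    found = []
    for alert in stream:
        found.extend(detector.process(alert))
    return found


# Constructed alert stream (not real sensor data).
SAMPLE_STREAM = [
    Alert(100, "scan",     "attacker", "web01"),
    Alert(160, "exploit",  "attacker", "web01"),   # completes remote_compromise
    Alert(200, "scan",     "attacker", "db02"),
    Alert(240, "lateral",  "web01",    "db02"),    # attacker pivots from web01
    Alert(300, "priv_esc", "db02",     "db02"),    # completes pivot_and_escalate
    Alert(900, "exploit",  "attacker", "db02"),    # the scan of db02 at 200 has expired
]

if __name__ == "__main__":
    for name, steps in run(SAMPLE_STREAM):
        print(name, steps)
```

The two patterns share the prefix scan, exploit, so the first two alerts advance both at once and the shorter pattern is reported while the longer one stays indexed. The final exploit against db02 produces nothing because the only scan of db02 fell outside the window; shrinking the window suppresses all detections, which is the trade-off a practitioner tunes.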

References (15)
Vern Paxson. Bro: a system for detecting network intruders in real-time. Computer Networks, vol. 31, pp. 2435-2463 (1999). doi:10.1016/S1389-1286(99)00112-7
S. Noel, E. Robertson, S. Jajodia. Correlating intrusion events and building attack scenarios through attack graph distances. Annual Computer Security Applications Conference (ACSAC), pp. 350-359 (2004). doi:10.1109/CSAC.2004.11
Sushil Jajodia, Steven Noel. Topological Vulnerability Analysis. In: Cyber Situational Awareness, Advances in Information Security, vol. 46, pp. 139-154 (2010). doi:10.1007/978-1-4419-0140-8_7
Oliver Dain, Robert K. Cunningham. Fusing a Heterogeneous Alert Stream into Scenarios. In: Applications of Data Mining in Computer Security, pp. 103-122 (2002). doi:10.1007/978-1-4615-0953-0_5
Naji Habra, Baudouin Le Charlier, Abdelaziz Mounji, Isabelle Mathieu. ASAX: Software Architecture and Rule-Based Language for Universal Audit Trail Analysis. European Symposium on Research in Computer Security (ESORICS), pp. 435-450 (1992). doi:10.1007/BFb0013912
Alfonso Valdes, Keith Skinner. Probabilistic Alert Correlation. Recent Advances in Intrusion Detection (RAID), pp. 54-68 (2001). doi:10.1007/3-540-45474-8_4
Lingyu Wang, Anyi Liu, Sushil Jajodia. Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts. Computer Communications, vol. 29, pp. 2917-2933 (2006). doi:10.1016/j.comcom.2006.04.001
Massimiliano Albanese, Andrea Pugliese, V. S. Subrahmanian, Octavian Udrea. MAGIC: A Multi-Activity Graph Index for Activity Detection. IEEE International Conference on Information Reuse and Integration (IRI), pp. 267-272 (2007). doi:10.1109/IRI.2007.4296632
Peng Ning, Dingbang Xu. Learning attack strategies from intrusion alerts. ACM Conference on Computer and Communications Security (CCS), pp. 200-209 (2003). doi:10.1145/948109.948137
Xinzhou Qin, Wenke Lee. Statistical Causality Analysis of Infosec Alert Data. Recent Advances in Intrusion Detection (RAID), pp. 73-93 (2003). doi:10.1007/978-3-540-45248-5_5