An iterative alert correlation method for extracting network intrusion scenarios

Authors: Reza Anbarestani, Behzad Akbari, Fariba Fathi

DOI: 10.1109/IRANIANCEE.2012.6292441

Keywords:

Abstract: Alert correlation aims to provide an abstract, high-level view of the security state of an environment, since attack strategies can be extracted from raw intrusion alerts. Most existing alert correlation approaches depend on either expert knowledge or predefined patterns for detecting complex attack steps. In this paper we propose a Bayesian network based approach that is able to discover attack scenarios without the need for expert knowledge. The main goal of this work is extracting scenarios while taking into account the sequence of actions. We also try to eliminate redundant relationships in the detected scenario. Experimental evaluation using the well-known DARPA 2000 data set shows the efficiency of our proposed approach in extracting scenarios.

References (14)
Ali A. Ghorbani, Bin Zhu. Alert Correlation for Extracting Attack Strategies. International Journal of Network Security, vol. 3, pp. 244-258 (2006).
Karim Tabia, Philippe Leray. Bayesian Network-Based Approaches for Severe Attack Prediction and Handling IDSs' Reliability. International Conference on Information Processing, pp. 632-642 (2010). doi:10.1007/978-3-642-14058-7_65
Chenfeng Vincent Zhou, Christopher Leckie, Shanika Karunasekera. A survey of coordinated attacks and collaborative intrusion detection. Computers & Security, vol. 29, pp. 124-140 (2010). doi:10.1016/J.COSE.2009.06.008
Jingmin Zhou, Mark Heckman, Brennen Reynolds, Adam Carlson, Matt Bishop. Modeling network intrusion detection alerts for correlation. ACM Transactions on Information and System Security, vol. 10, pp. 4- (2007). doi:10.1145/1210263.1210267
Alfonso Valdes, Keith Skinner. Probabilistic Alert Correlation. Recent Advances in Intrusion Detection, pp. 54-68 (2001). doi:10.1007/3-540-45474-8_4
Peng Ning, Yun Cui, Douglas S. Reeves, Dingbang Xu. Techniques and tools for analyzing intrusion alerts. ACM Transactions on Information and System Security, vol. 7, pp. 274-318 (2004). doi:10.1145/996943.996947
Hanli Ren, Natalia Stakhanova, Ali A. Ghorbani. An online adaptive approach to alert correlation. International Conference on Detection of Intrusions and Malware and Vulnerability Assessment, pp. 153-172 (2010). doi:10.1007/978-3-642-14215-4_9
Salem Benferhat, Tayeb Kenaza, Aicha Mokhtari. A Naive Bayes Approach for Detecting Coordinated Attacks. Computer Software and Applications Conference, pp. 704-709 (2008). doi:10.1109/COMPSAC.2008.213
Peng Ning, Dingbang Xu. Learning attack strategies from intrusion alerts. Computer and Communications Security, pp. 200-209 (2003). doi:10.1145/948109.948137