A Bayesian network-based approach for learning attack strategies from intrusion alerts

Authors: Fatemeh Kavousi, Behzad Akbari

DOI: 10.1002/SEC.786

Keywords:

Abstract: A tremendous number of low-level alerts reported by information security systems clearly reflect the need for an advanced alert correlation system to reduce redundancy, correlate alerts, detect attack strategies, and take appropriate actions against upcoming attacks. Up to now, a variety of methods have been suggested. However, most of them rely on a priori hard-coded domain expert knowledge, which makes them difficult to implement and limits their ability to detect new attack strategies. To overcome the drawbacks of these approaches, the recent trend of research in this area has gone towards extracting attack strategies through automatic analysis of intrusion alerts. In line with this research, in this paper we present algorithms that automatically mine attack behavior patterns from historical alerts as accurately and efficiently as possible. Our approach is composed of two main components. The first, offline, component generates correlation rules by analyzing previously observed alerts using a Bayesian causality mechanism. Then, in the online component, alerts are correlated in a hierarchical scheme based on the extracted rules. The experimental results show the efficiency of the proposed method in learning attack strategies. Copyright © 2013 John Wiley & Sons, Ltd.
