A realistic graph-based alert correlation system

Cited by: 27
Authors
Ben Fredj, Ouissem [1]
Affiliations
[1] Taif Univ, At Taif, Saudi Arabia
Keywords
security; correlation; attack graph; Markov chain;
DOI
10.1002/sec.1190
CLC classification number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
This paper introduces a graph-based attack description that comes with different analysis methods for alert correlation. The system encompasses an attack scenario detection method, an alert correlation method that recognizes multistep attacks, and a graph-based classification method to extract different types of alerts. The performance analysis shows that the system can correlate a huge number of alerts (more than 442000 alerts) into dozens of attack graphs. The attack graph has permitted us to extract several attack properties with high precision. Copyright (c) 2015 John Wiley & Sons, Ltd.
Pages: 2477 / 2493
Page count: 17