

A graph based system for multi-stage attacks recognition
Authors: Safaa O. Al-Mamory, Zhai Jianhong, Zhang Hongli
Affiliation: School of Computer Science, Harbin Institute of Technology, Harbin 150001, P.R. China
Abstract:
Building attack scenarios is one of the most important aspects of network security. This paper proposes a system that collects intrusion alerts, clusters them into sub-attacks using alert abstraction, aggregates similar sub-attacks, and then correlates them and generates correlation graphs. The scenarios are represented by alert classes instead of the alerts themselves, which reduces the number of rules required and makes it possible to detect new variations of attacks. The proposed system is capable of passing some of the missed attacks. To evaluate its effectiveness, the system was tested with different datasets that contain multi-step attacks. It generated compressed and easily understandable correlation graphs that reflect the attack scenarios. The proposed system can correlate related alerts, uncover attack strategies, and detect new variations of attacks.
Keywords: network security, intrusion detection, alert correlation, attack graph, scenario, clustering
This article is indexed in 维普 (VIP), 万方数据 (Wanfang Data), and other databases.