Real-Time Correlation of Network Security Alerts

Zhitang Li, Aifang Zhang, Jie Lei, Li Wang
Venue: IEEE International Conference on e-Business Engineering (ICEBE'07)
Published: 2007-10-24
DOI: https://doi.org/10.1109/ICEBE.2007.69
Citation count: 37

Abstract

With the growing deployment of network security devices, managing the large volume of security alerts these devices produce has become a major challenge. In this paper, a novel method based on a sequential pattern mining algorithm is applied to discover complicated multistage attack behavior patterns, and the mined patterns can be transformed into correlation rules automatically. In contrast with other approaches, this overcomes the drawback of heavy dependence on precise attack specifications and accurate hand-written rule definitions. Building on these algorithms, a real-time alert correlation system is proposed to detect an ongoing attack and to predict the upcoming step of a multistage attack in real time. Consequently, network administrators can become aware of a threat as early as possible and take deliberate action to prevent the target of an attack from further compromise. We implement the system and validate our method through a series of experiments on a test dataset and in a real network environment. The results show the effectiveness of the system in the discovery and prediction of attacks.