{"title":"A Cloud Immune Security Model Based on Alert Correlation and Software Defined Network","authors":"R. Melo, D. D. J. D. Macedo","doi":"10.1109/WETICE.2019.00019","DOIUrl":null,"url":null,"abstract":"In this paper, we explore the AIS approach to develop an agent-based detection method to analyze network traffic. The system works in conjunction with attack graph based correlation and software-defined network (SDN) technology to mitigate attacks. In the correlation technique, alerts are correlated through an attack graph which improves detection performance by decreasing the false alert rate. The false alert reduction can avoid the negative effect that an SDN countermeasure can bring to the cloud Service Level Agreement (SLA) on the absence of threats. This work was tested for multi-step and distributed denial of service (DDoS) attacks. Results have shown the addition of the correlation technique can aid to the detection performance of AIS detection systems.","PeriodicalId":116875,"journal":{"name":"2019 IEEE 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WETICE.2019.00019","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 4
Abstract
In this paper, we explore the AIS approach to develop an agent-based detection method to analyze network traffic. The system works in conjunction with attack graph based correlation and software-defined network (SDN) technology to mitigate attacks. In the correlation technique, alerts are correlated through an attack graph which improves detection performance by decreasing the false alert rate. The false alert reduction can avoid the negative effect that an SDN countermeasure can bring to the cloud Service Level Agreement (SLA) on the absence of threats. This work was tested for multi-step and distributed denial of service (DDoS) attacks. Results have shown the addition of the correlation technique can aid to the detection performance of AIS detection systems.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
