Generating Attack Scenarios with Causal Relationship

Yu-Chin Cheng, Chien-Hung Chen, Chung-Chih Chiang, Jun-Wei Wang, C. Laih
2007 IEEE International Conference on Granular Computing (GRC 2007). Published 2007-11-02. DOI: 10.1109/GrC.2007.117 (https://doi.org/10.1109/GrC.2007.117)
Citations: 10

Abstract

With the arrival of the information era, the Internet has developed rapidly and offers more and more services. However, intrusions, viruses and worms have followed the growth of the Internet and spread widely all over the world across high-speed networks. Although many kinds of intrusion detection systems (IDSs) have been developed, they have some disadvantages in that they focus on low-level attacks or anomalies, and raise alerts independently. In this paper, we give a formal description of attack patterns, attack transition states and attack scenarios. We propose a system architecture to generate an attack scenario database correctly and completely. We first classify and extract attack patterns, then correlate attack patterns with pre/post conditions matching and. Moreover, the approach, attack scenario generation with causal relationship (ASGCR), is proposed to build an attack scenario database. Finally, we present the combination of our attack scenario database with a security operation center (SOC) to implement the related components concerning alert integration and correlation. It is shown that our method is better than CAML [4], since we can generate more attack scenarios effectively and correctly to help system managers maintain network security.