Li Wang, Zhitang Li, Jie Ma, Yang-ming Ma, Aifang Zhang
{"title":"Automatic attack plan recognition from intrusion alerts","authors":"Li Wang, Zhitang Li, Jie Ma, Yang-ming Ma, Aifang Zhang","doi":"10.1109/SNPD.2007.396","DOIUrl":null,"url":null,"abstract":"The amount of security application products connected to the Internet increased so dramatically that they usually generate huge volumes of security audit data. Therefore, it is important to develop an advanced alert correlation system that can reduce data redundancy and provide effective direction. This paper describes the framework, SATA, for Security Alerts and Threats analysis. Using SATA, raw audit data is firstpreprocessed into hi-alerts, which are refined and verified as true threat. We further analyze the correlation-ship of real-time hi-alerts to achieve the goal of online attack plan recognition. A key contribution of the paper is thus in automatic \"multistage attack plan recognition\". It also solves the problem of detecting novel multi-stage attacks. Experiment shows our approach can effectively correlate multi-stage attack behaviors and identify true attack threats.","PeriodicalId":197058,"journal":{"name":"Eighth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing (SNPD 2007)","volume":"26 9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-07-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Eighth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing (SNPD 2007)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SNPD.2007.396","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
Abstract
The amount of security application products connected to the Internet increased so dramatically that they usually generate huge volumes of security audit data. Therefore, it is important to develop an advanced alert correlation system that can reduce data redundancy and provide effective direction. This paper describes the framework, SATA, for Security Alerts and Threats analysis. Using SATA, raw audit data is firstpreprocessed into hi-alerts, which are refined and verified as true threat. We further analyze the correlation-ship of real-time hi-alerts to achieve the goal of online attack plan recognition. A key contribution of the paper is thus in automatic "multistage attack plan recognition". It also solves the problem of detecting novel multi-stage attacks. Experiment shows our approach can effectively correlate multi-stage attack behaviors and identify true attack threats.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
