An alert fusion framework for situation awareness of coordinated multistage attacks

S. Mathew, Chintan Shah, S. Upadhyaya
Third IEEE International Workshop on Information Assurance (IWIA'05), published 2005-03-23. DOI: 10.1109/IWIA.2005.3
Citations: 34

Abstract

Recent incidents in the cyber world strongly suggest that coordinated multistage cyber attacks are quite feasible and that effective countermeasures need to be developed. Attack detection by correlation and fusion of intrusion alerts has been an active area of current research. However, most of these research efforts focus on ex post facto analysis of alert data to uncover related attacks. In this paper, we present an approach for dynamically calculating 'scenario credibilities' based on the state of a live intrusion alert stream. We also develop a framework for attack scenario representation that facilitates real-time fusion of intrusion alerts and calculation of the scenario credibility values. Our approach provides a usable mechanism for detecting, predicting and reasoning about multistage goal-oriented attacks in real time. The details of the fusion framework and a description of multistage attack detection using this framework are presented in this paper.